@attested-intelligence/aga-mcp-server 0.1.1 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (197) hide show
  1. package/README.md +106 -24
  2. package/dist/context.d.ts +39 -0
  3. package/dist/context.d.ts.map +1 -0
  4. package/dist/context.js +113 -0
  5. package/dist/context.js.map +1 -0
  6. package/dist/core/identity.d.ts +14 -0
  7. package/dist/core/identity.d.ts.map +1 -0
  8. package/dist/core/identity.js +16 -0
  9. package/dist/core/identity.js.map +1 -0
  10. package/dist/core/index.d.ts +3 -0
  11. package/dist/core/index.d.ts.map +1 -1
  12. package/dist/core/index.js +3 -0
  13. package/dist/core/index.js.map +1 -1
  14. package/dist/core/measurement.d.ts +16 -0
  15. package/dist/core/measurement.d.ts.map +1 -0
  16. package/dist/core/measurement.js +18 -0
  17. package/dist/core/measurement.js.map +1 -0
  18. package/dist/core/portal.d.ts +1 -1
  19. package/dist/core/portal.d.ts.map +1 -1
  20. package/dist/core/portal.js +10 -5
  21. package/dist/core/portal.js.map +1 -1
  22. package/dist/core/types.d.ts +2 -3
  23. package/dist/core/types.d.ts.map +1 -1
  24. package/dist/crypto/canonicalize.d.ts +7 -0
  25. package/dist/crypto/canonicalize.d.ts.map +1 -0
  26. package/dist/crypto/canonicalize.js +21 -0
  27. package/dist/crypto/canonicalize.js.map +1 -0
  28. package/dist/crypto/hash.d.ts +1 -1
  29. package/dist/crypto/hash.d.ts.map +1 -1
  30. package/dist/crypto/hash.js +1 -1
  31. package/dist/crypto/hash.js.map +1 -1
  32. package/dist/crypto/index.d.ts +6 -5
  33. package/dist/crypto/index.d.ts.map +1 -1
  34. package/dist/crypto/index.js +6 -5
  35. package/dist/crypto/index.js.map +1 -1
  36. package/dist/crypto/keys.d.ts +10 -0
  37. package/dist/crypto/keys.d.ts.map +1 -0
  38. package/dist/crypto/keys.js +19 -0
  39. package/dist/crypto/keys.js.map +1 -0
  40. package/dist/index.js +1 -1
  41. package/dist/index.js.map +1 -1
  42. package/dist/middleware/governance.d.ts +1 -7
  43. package/dist/middleware/governance.d.ts.map +1 -1
  44. package/dist/middleware/governance.js +11 -18
  45. package/dist/middleware/governance.js.map +1 -1
  46. package/dist/prompts/drift-analysis.d.ts +13 -0
  47. package/dist/prompts/drift-analysis.d.ts.map +1 -0
  48. package/dist/prompts/drift-analysis.js +43 -0
  49. package/dist/prompts/drift-analysis.js.map +1 -0
  50. package/dist/prompts/governance-report.d.ts +7 -0
  51. package/dist/prompts/governance-report.d.ts.map +1 -0
  52. package/dist/prompts/governance-report.js +26 -0
  53. package/dist/prompts/governance-report.js.map +1 -0
  54. package/dist/prompts/nccoe-demo.d.ts +14 -0
  55. package/dist/prompts/nccoe-demo.d.ts.map +1 -0
  56. package/dist/prompts/nccoe-demo.js +47 -0
  57. package/dist/prompts/nccoe-demo.js.map +1 -0
  58. package/dist/resources/cosai-mapping.d.ts +24 -0
  59. package/dist/resources/cosai-mapping.d.ts.map +1 -0
  60. package/dist/resources/cosai-mapping.js +127 -0
  61. package/dist/resources/cosai-mapping.js.map +1 -0
  62. package/dist/resources/crypto-primitives.d.ts +3 -0
  63. package/dist/resources/crypto-primitives.d.ts.map +1 -0
  64. package/dist/resources/crypto-primitives.js +52 -0
  65. package/dist/resources/crypto-primitives.js.map +1 -0
  66. package/dist/resources/sample-bundle.d.ts +6 -0
  67. package/dist/resources/sample-bundle.d.ts.map +1 -0
  68. package/dist/resources/sample-bundle.js +58 -0
  69. package/dist/resources/sample-bundle.js.map +1 -0
  70. package/dist/resources/specification.d.ts +3 -0
  71. package/dist/resources/specification.d.ts.map +1 -0
  72. package/dist/resources/specification.js +161 -0
  73. package/dist/resources/specification.js.map +1 -0
  74. package/dist/server.d.ts +3 -7
  75. package/dist/server.d.ts.map +1 -1
  76. package/dist/server.js +214 -343
  77. package/dist/server.js.map +1 -1
  78. package/dist/storage/sqlite.js +1 -1
  79. package/dist/tools/create-artifact.d.ts +25 -0
  80. package/dist/tools/create-artifact.d.ts.map +1 -0
  81. package/dist/tools/create-artifact.js +85 -0
  82. package/dist/tools/create-artifact.js.map +1 -0
  83. package/dist/tools/delegate-subagent.d.ts +18 -0
  84. package/dist/tools/delegate-subagent.d.ts.map +1 -0
  85. package/dist/tools/delegate-subagent.js +50 -0
  86. package/dist/tools/delegate-subagent.js.map +1 -0
  87. package/dist/tools/disclose-claim.d.ts +14 -0
  88. package/dist/tools/disclose-claim.d.ts.map +1 -0
  89. package/dist/tools/disclose-claim.js +23 -0
  90. package/dist/tools/disclose-claim.js.map +1 -0
  91. package/dist/tools/export-bundle.d.ts +8 -0
  92. package/dist/tools/export-bundle.d.ts.map +1 -0
  93. package/dist/tools/export-bundle.js +25 -0
  94. package/dist/tools/export-bundle.js.map +1 -0
  95. package/dist/tools/full-lifecycle.d.ts +16 -0
  96. package/dist/tools/full-lifecycle.d.ts.map +1 -0
  97. package/dist/tools/full-lifecycle.js +121 -0
  98. package/dist/tools/full-lifecycle.js.map +1 -0
  99. package/dist/tools/generate-receipt.d.ts +16 -0
  100. package/dist/tools/generate-receipt.d.ts.map +1 -0
  101. package/dist/tools/generate-receipt.js +31 -0
  102. package/dist/tools/generate-receipt.js.map +1 -0
  103. package/dist/tools/get-chain.d.ts +14 -0
  104. package/dist/tools/get-chain.d.ts.map +1 -0
  105. package/dist/tools/get-chain.js +45 -0
  106. package/dist/tools/get-chain.js.map +1 -0
  107. package/dist/tools/get-portal-state.d.ts +8 -0
  108. package/dist/tools/get-portal-state.d.ts.map +1 -0
  109. package/dist/tools/get-portal-state.js +15 -0
  110. package/dist/tools/get-portal-state.js.map +1 -0
  111. package/dist/tools/init-chain.d.ts +10 -0
  112. package/dist/tools/init-chain.d.ts.map +1 -0
  113. package/dist/tools/init-chain.js +13 -0
  114. package/dist/tools/init-chain.js.map +1 -0
  115. package/dist/tools/measure-behavior.d.ts +12 -0
  116. package/dist/tools/measure-behavior.d.ts.map +1 -0
  117. package/dist/tools/measure-behavior.js +29 -0
  118. package/dist/tools/measure-behavior.js.map +1 -0
  119. package/dist/tools/measure-subject.d.ts +15 -0
  120. package/dist/tools/measure-subject.d.ts.map +1 -0
  121. package/dist/tools/measure-subject.js +106 -0
  122. package/dist/tools/measure-subject.js.map +1 -0
  123. package/dist/tools/quarantine-status.d.ts +8 -0
  124. package/dist/tools/quarantine-status.d.ts.map +1 -0
  125. package/dist/tools/quarantine-status.js +16 -0
  126. package/dist/tools/quarantine-status.js.map +1 -0
  127. package/dist/tools/revoke-artifact.d.ts +13 -0
  128. package/dist/tools/revoke-artifact.d.ts.map +1 -0
  129. package/dist/tools/revoke-artifact.js +24 -0
  130. package/dist/tools/revoke-artifact.js.map +1 -0
  131. package/dist/tools/rotate-keys.d.ts +13 -0
  132. package/dist/tools/rotate-keys.d.ts.map +1 -0
  133. package/dist/tools/rotate-keys.js +39 -0
  134. package/dist/tools/rotate-keys.js.map +1 -0
  135. package/dist/tools/server-info.d.ts +8 -0
  136. package/dist/tools/server-info.d.ts.map +1 -0
  137. package/dist/tools/server-info.js +23 -0
  138. package/dist/tools/server-info.js.map +1 -0
  139. package/dist/tools/set-verification-tier.d.ts +11 -0
  140. package/dist/tools/set-verification-tier.d.ts.map +1 -0
  141. package/dist/tools/set-verification-tier.js +31 -0
  142. package/dist/tools/set-verification-tier.js.map +1 -0
  143. package/dist/tools/start-monitoring.d.ts +12 -0
  144. package/dist/tools/start-monitoring.d.ts.map +1 -0
  145. package/dist/tools/start-monitoring.js +17 -0
  146. package/dist/tools/start-monitoring.js.map +1 -0
  147. package/dist/tools/trigger-measurement.d.ts +15 -0
  148. package/dist/tools/trigger-measurement.d.ts.map +1 -0
  149. package/dist/tools/trigger-measurement.js +86 -0
  150. package/dist/tools/trigger-measurement.js.map +1 -0
  151. package/dist/tools/verify-artifact.d.ts +13 -0
  152. package/dist/tools/verify-artifact.d.ts.map +1 -0
  153. package/dist/tools/verify-artifact.js +6 -0
  154. package/dist/tools/verify-artifact.js.map +1 -0
  155. package/dist/tools/verify-bundle.d.ts +13 -0
  156. package/dist/tools/verify-bundle.d.ts.map +1 -0
  157. package/dist/tools/verify-bundle.js +6 -0
  158. package/dist/tools/verify-bundle.js.map +1 -0
  159. package/dist/types.d.ts +261 -0
  160. package/dist/types.d.ts.map +1 -0
  161. package/dist/types.js +8 -0
  162. package/dist/types.js.map +1 -0
  163. package/package.json +18 -3
  164. package/AGA_MCP_SERVER_SPEC.md +0 -632
  165. package/src/core/artifact.ts +0 -45
  166. package/src/core/attestation.ts +0 -33
  167. package/src/core/behavioral.ts +0 -132
  168. package/src/core/bundle.ts +0 -31
  169. package/src/core/chain.ts +0 -72
  170. package/src/core/checkpoint.ts +0 -22
  171. package/src/core/delegation.ts +0 -146
  172. package/src/core/disclosure.ts +0 -32
  173. package/src/core/index.ts +0 -11
  174. package/src/core/portal.ts +0 -96
  175. package/src/core/quarantine.ts +0 -16
  176. package/src/core/receipt.ts +0 -33
  177. package/src/core/subject.ts +0 -11
  178. package/src/core/types.ts +0 -244
  179. package/src/crypto/hash.ts +0 -33
  180. package/src/crypto/index.ts +0 -5
  181. package/src/crypto/merkle.ts +0 -43
  182. package/src/crypto/salt.ts +0 -18
  183. package/src/crypto/sign.ts +0 -35
  184. package/src/crypto/types.ts +0 -19
  185. package/src/index.ts +0 -12
  186. package/src/middleware/governance.ts +0 -95
  187. package/src/middleware/index.ts +0 -1
  188. package/src/server.ts +0 -436
  189. package/src/storage/index.ts +0 -3
  190. package/src/storage/interface.ts +0 -21
  191. package/src/storage/memory.ts +0 -27
  192. package/src/storage/sqlite.ts +0 -45
  193. package/src/tools/README.md +0 -13
  194. package/src/utils/canonical.ts +0 -14
  195. package/src/utils/constants.ts +0 -3
  196. package/src/utils/timestamp.ts +0 -12
  197. package/src/utils/uuid.ts +0 -2
@@ -0,0 +1,45 @@
1
+ import { verifyChainIntegrity } from '../core/chain.js';
2
+ const FILTER_MAP = {
3
+ behavioral: ['BEHAVIORAL_DRIFT'],
4
+ delegations: ['DELEGATION'],
5
+ receipts: ['INTERACTION_RECEIPT'],
6
+ revocations: ['REVOCATION'],
7
+ attestations: ['POLICY_ISSUANCE', 'RE_ATTESTATION', 'ATTESTATION'],
8
+ disclosure: ['DISCLOSURE', 'SUBSTITUTION'],
9
+ keys: ['KEY_ROTATION'],
10
+ };
11
+ export async function handleGetChain(args, ctx) {
12
+ let events = (args.start_seq !== undefined && args.end_seq !== undefined)
13
+ ? await ctx.storage.getEvents(args.start_seq, args.end_seq)
14
+ : await ctx.storage.getAllEvents();
15
+ // Apply filter_type
16
+ if (args.filter_type && args.filter_type !== 'all') {
17
+ const allowedTypes = FILTER_MAP[args.filter_type];
18
+ if (allowedTypes) {
19
+ events = events.filter(e => allowedTypes.includes(e.event_type));
20
+ }
21
+ }
22
+ const result = {
23
+ count: events.length,
24
+ events: events.map(e => ({
25
+ sequence_number: e.sequence_number,
26
+ event_type: e.event_type,
27
+ event_id: e.event_id,
28
+ timestamp: e.timestamp,
29
+ leaf_hash: e.leaf_hash.slice(0, 16) + '...',
30
+ previous_leaf_hash: e.previous_leaf_hash ? e.previous_leaf_hash.slice(0, 16) + '...' : null,
31
+ payload_hash: e.payload_hash.slice(0, 16) + '...',
32
+ })),
33
+ };
34
+ if (args.verify) {
35
+ const allEvents = await ctx.storage.getAllEvents();
36
+ const integrity = verifyChainIntegrity(allEvents);
37
+ result.chain_valid = integrity.valid;
38
+ result.broken_at = integrity.brokenAt;
39
+ result.verification_error = integrity.error;
40
+ result.leaf_hash_formula = 'SHA-256(schema_version || protocol_version || event_type || event_id || sequence_number || timestamp || previous_leaf_hash) - PAYLOAD EXCLUDED';
41
+ result.event_signature_covers = 'COMPLETE event including payload';
42
+ }
43
+ return ctx.json(result);
44
+ }
45
+ //# sourceMappingURL=get-chain.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"get-chain.js","sourceRoot":"","sources":["../../src/tools/get-chain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAUxD,MAAM,UAAU,GAA6B;IAC3C,UAAU,EAAE,CAAC,kBAAkB,CAAC;IAChC,WAAW,EAAE,CAAC,YAAY,CAAC;IAC3B,QAAQ,EAAE,CAAC,qBAAqB,CAAC;IACjC,WAAW,EAAE,CAAC,YAAY,CAAC;IAC3B,YAAY,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,EAAE,aAAa,CAAC;IAClE,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;IAC1C,IAAI,EAAE,CAAC,cAAc,CAAC;CACvB,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAAkB,EAAE,GAAkB;IACzE,IAAI,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC;QACvE,CAAC,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC;QAC3D,CAAC,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;IAErC,oBAAoB;IACpB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;QACnD,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAA4B;QACtC,KAAK,EAAE,MAAM,CAAC,MAAM;QACpB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACvB,eAAe,EAAE,CAAC,CAAC,eAAe;YAClC,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YAC3C,kBAAkB,EAAE,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI;YAC3F,YAAY,EAAE,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;SAClD,CAAC,CAAC;KACJ,CAAC;IAEF,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,CAAC,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC;QACrC,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC;QACtC,MAAM,CAAC,kBAAkB,GAAG,SAAS,CAAC,KAAK,CAAC;QAC5C,MAAM,CAAC,iBAAiB,GAAG,gJAAgJ,CAAC;QAC5K,MAAM,CAAC,sBAAsB,GAAG,kCAAkC,CAAC;IACrE,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC1B,CAAC"}
@@ -0,0 +1,8 @@
1
+ import type { ServerContext } from '../context.js';
2
+ export declare function handleGetPortalState(_args: Record<string, never>, ctx: ServerContext): Promise<{
3
+ content: Array<{
4
+ type: "text";
5
+ text: string;
6
+ }>;
7
+ }>;
8
+ //# sourceMappingURL=get-portal-state.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"get-portal-state.d.ts","sourceRoot":"","sources":["../../src/tools/get-portal-state.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,aAAa;;;;;GAa1F"}
@@ -0,0 +1,15 @@
1
+ export async function handleGetPortalState(_args, ctx) {
2
+ return ctx.json({
3
+ state: ctx.portal.state,
4
+ artifact_loaded: !!ctx.portal.artifact,
5
+ sealed_hash: ctx.portal.artifact?.sealed_hash ?? null,
6
+ ttl_seconds: ctx.portal.artifact?.enforcement_parameters.ttl_seconds ?? null,
7
+ issued_at: ctx.portal.artifact?.issued_timestamp ?? null,
8
+ enforcement_triggers: ctx.portal.artifact?.enforcement_parameters.enforcement_triggers ?? [],
9
+ sequence_counter: ctx.portal.sequenceCounter,
10
+ quarantine_active: ctx.quarantine?.active ?? false,
11
+ verification_tier: ctx.verificationTier,
12
+ measurement_count: ctx.measurementCount,
13
+ });
14
+ }
15
+ //# sourceMappingURL=get-portal-state.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"get-portal-state.js","sourceRoot":"","sources":["../../src/tools/get-portal-state.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,KAA4B,EAAE,GAAkB;IACzF,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QACvB,eAAe,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ;QACtC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,WAAW,IAAI,IAAI;QACrD,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,sBAAsB,CAAC,WAAW,IAAI,IAAI;QAC5E,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,IAAI,IAAI;QACxD,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,sBAAsB,CAAC,oBAAoB,IAAI,EAAE;QAC5F,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe;QAC5C,iBAAiB,EAAE,GAAG,CAAC,UAAU,EAAE,MAAM,IAAI,KAAK;QAClD,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;KACxC,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,10 @@
1
+ import type { ServerContext } from '../context.js';
2
+ export declare function handleInitChain(args: {
3
+ specification_hash?: string;
4
+ }, ctx: ServerContext): Promise<{
5
+ content: Array<{
6
+ type: "text";
7
+ text: string;
8
+ }>;
9
+ }>;
10
+ //# sourceMappingURL=init-chain.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"init-chain.d.ts","sourceRoot":"","sources":["../../src/tools/init-chain.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,eAAe,CAAC,IAAI,EAAE;IAAE,kBAAkB,CAAC,EAAE,MAAM,CAAA;CAAE,EAAE,GAAG,EAAE,aAAa;;;;;GAQ9F"}
@@ -0,0 +1,13 @@
1
+ import { sha256Str } from '../crypto/hash.js';
2
+ import { createGenesisEvent } from '../core/chain.js';
3
+ export async function handleInitChain(args, ctx) {
4
+ if (ctx.chainInitialized)
5
+ return ctx.error('Chain already initialized');
6
+ const genesis = createGenesisEvent(ctx.chainKP, args.specification_hash ?? sha256Str('AGA Protocol Specification v2.0.0'));
7
+ await ctx.storage.storeEvent(genesis);
8
+ ctx.chainInitialized = true;
9
+ ctx.portal.sequenceCounter = 0;
10
+ ctx.portal.lastLeafHash = genesis.leaf_hash;
11
+ return ctx.json({ success: true, genesis_event_id: genesis.event_id, genesis_leaf_hash: genesis.leaf_hash });
12
+ }
13
+ //# sourceMappingURL=init-chain.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"init-chain.js","sourceRoot":"","sources":["../../src/tools/init-chain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAGtD,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAAqC,EAAE,GAAkB;IAC7F,IAAI,GAAG,CAAC,gBAAgB;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,kBAAkB,IAAI,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAC3H,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACtC,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAC5B,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,CAAC;IAC/B,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAC5C,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,CAAC,QAAQ,EAAE,iBAAiB,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;AAC/G,CAAC"}
@@ -0,0 +1,12 @@
1
+ import type { ServerContext } from '../context.js';
2
+ export interface MeasureBehaviorArgs {
3
+ tool_name?: string;
4
+ record_only?: boolean;
5
+ }
6
+ export declare function handleMeasureBehavior(args: MeasureBehaviorArgs, ctx: ServerContext): Promise<{
7
+ content: Array<{
8
+ type: "text";
9
+ text: string;
10
+ }>;
11
+ }>;
12
+ //# sourceMappingURL=measure-behavior.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"measure-behavior.d.ts","sourceRoot":"","sources":["../../src/tools/measure-behavior.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,wBAAsB,qBAAqB,CAAC,IAAI,EAAE,mBAAmB,EAAE,GAAG,EAAE,aAAa;;;;;GA4BxF"}
@@ -0,0 +1,29 @@
1
+ import { sha256Str } from '../crypto/hash.js';
2
+ export async function handleMeasureBehavior(args, ctx) {
3
+ // If a tool_name is provided, record the invocation first
4
+ if (args.tool_name) {
5
+ ctx.behavioralMonitor.recordInvocation(args.tool_name, sha256Str(args.tool_name));
6
+ }
7
+ // If record_only, just acknowledge the recording
8
+ if (args.record_only) {
9
+ return ctx.json({
10
+ success: true,
11
+ recorded: args.tool_name,
12
+ record_only: true,
13
+ });
14
+ }
15
+ // Measure behavioral patterns
16
+ const measurement = ctx.behavioralMonitor.measure();
17
+ if (measurement.drift_detected) {
18
+ await ctx.appendToChain('BEHAVIORAL_DRIFT', {
19
+ violations: measurement.violations,
20
+ behavioral_hash: measurement.behavioral_hash,
21
+ });
22
+ }
23
+ return ctx.json({
24
+ success: true,
25
+ ...measurement,
26
+ violation_count: measurement.violations.length,
27
+ });
28
+ }
29
+ //# sourceMappingURL=measure-behavior.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"measure-behavior.js","sourceRoot":"","sources":["../../src/tools/measure-behavior.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAQ9C,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAAyB,EAAE,GAAkB;IACvF,0DAA0D;IAC1D,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,GAAG,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACpF,CAAC;IAED,iDAAiD;IACjD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,OAAO,GAAG,CAAC,IAAI,CAAC;YACd,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,MAAM,WAAW,GAAG,GAAG,CAAC,iBAAiB,CAAC,OAAO,EAAE,CAAC;IACpD,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;QAC/B,MAAM,GAAG,CAAC,aAAa,CAAC,kBAAkB,EAAE;YAC1C,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,eAAe,EAAE,WAAW,CAAC,eAAe;SAC7C,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,GAAG,WAAW;QACd,eAAe,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;KAC/C,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,15 @@
1
+ import type { ServerContext } from '../context.js';
2
+ import type { SubjectMetadata } from '../core/types.js';
3
+ export interface MeasureSubjectArgs {
4
+ subject_content?: string;
5
+ subject_bytes_hash?: string;
6
+ subject_metadata_hash?: string;
7
+ subject_metadata?: SubjectMetadata;
8
+ }
9
+ export declare function handleMeasureSubject(args: MeasureSubjectArgs, ctx: ServerContext): Promise<{
10
+ content: Array<{
11
+ type: "text";
12
+ text: string;
13
+ }>;
14
+ }>;
15
+ //# sourceMappingURL=measure-subject.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"measure-subject.d.ts","sourceRoot":"","sources":["../../src/tools/measure-subject.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,eAAe,EAAqB,MAAM,kBAAkB,CAAC;AAE3E,MAAM,WAAW,kBAAkB;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,aAAa;;;;;GA0GtF"}
@@ -0,0 +1,106 @@
1
+ import { hashArtifact } from '../core/artifact.js';
2
+ import { generateReceipt } from '../core/receipt.js';
3
+ import { initQuarantine } from '../core/quarantine.js';
4
+ export async function handleMeasureSubject(args, ctx) {
5
+ if (!ctx.portal.artifact)
6
+ return ctx.error('No artifact loaded. Call aga_create_artifact first.');
7
+ if (ctx.portal.state === 'TERMINATED')
8
+ return ctx.error('Portal is terminated. Re-attest required.');
9
+ if (ctx.portal.state === 'SAFE_STATE')
10
+ return ctx.error('Portal is in safe state. Re-attest required.');
11
+ let currentBytesHash;
12
+ let currentMetaHash;
13
+ let match;
14
+ if (args.subject_bytes_hash) {
15
+ // Pre-computed hash mode
16
+ currentBytesHash = args.subject_bytes_hash;
17
+ currentMetaHash = args.subject_metadata_hash ?? ctx.portal.artifact.subject_identifier.metadata_hash;
18
+ match = currentBytesHash === ctx.portal.artifact.subject_identifier.bytes_hash &&
19
+ currentMetaHash === ctx.portal.artifact.subject_identifier.metadata_hash;
20
+ if (!match && ctx.portal.state === 'ACTIVE_MONITORING') {
21
+ ctx.portal.state = 'DRIFT_DETECTED';
22
+ }
23
+ }
24
+ else if (args.subject_content) {
25
+ // Content mode - use portal.measure()
26
+ const result = ctx.portal.measure(new TextEncoder().encode(args.subject_content), args.subject_metadata ?? {});
27
+ currentBytesHash = result.currentBytesHash;
28
+ currentMetaHash = result.currentMetaHash;
29
+ match = result.match;
30
+ if (!result.ttl_ok) {
31
+ ctx.measurementCount++;
32
+ const receipt = generateReceipt({
33
+ subjectId: ctx.portal.artifact.subject_identifier, artifactRef: hashArtifact(ctx.portal.artifact),
34
+ currentHash: 'UNAVAILABLE', sealedHash: `${result.expectedBytesHash}||${result.expectedMetaHash}`,
35
+ driftDetected: true, driftDescription: 'TTL expired - fail-closed termination', action: 'TERMINATE',
36
+ measurementType: ctx.portal.artifact.enforcement_parameters.measurement_types.join(','),
37
+ seq: ctx.portal.sequenceCounter + 1, prevLeaf: ctx.portal.lastLeafHash, portalKP: ctx.portalKP,
38
+ });
39
+ await ctx.storage.storeReceipt(receipt);
40
+ await ctx.appendToChain('INTERACTION_RECEIPT', { receipt_id: receipt.receipt_id, drift_detected: true, enforcement_action: 'TERMINATE' });
41
+ return ctx.json({ success: true, match: false, drift_detected: true, ttl_ok: false, revoked: false, enforcement_action: 'TERMINATE', portal_state: ctx.portal.state, receipt_id: receipt.receipt_id, measurement_count: ctx.measurementCount });
42
+ }
43
+ if (result.revoked) {
44
+ ctx.measurementCount++;
45
+ const receipt = generateReceipt({
46
+ subjectId: ctx.portal.artifact.subject_identifier, artifactRef: hashArtifact(ctx.portal.artifact),
47
+ currentHash: 'UNAVAILABLE', sealedHash: `${result.expectedBytesHash}||${result.expectedMetaHash}`,
48
+ driftDetected: true, driftDescription: 'Artifact revoked - fail-closed termination', action: 'TERMINATE',
49
+ measurementType: ctx.portal.artifact.enforcement_parameters.measurement_types.join(','),
50
+ seq: ctx.portal.sequenceCounter + 1, prevLeaf: ctx.portal.lastLeafHash, portalKP: ctx.portalKP,
51
+ });
52
+ await ctx.storage.storeReceipt(receipt);
53
+ await ctx.appendToChain('INTERACTION_RECEIPT', { receipt_id: receipt.receipt_id, drift_detected: true, enforcement_action: 'TERMINATE' });
54
+ return ctx.json({ success: true, match: false, drift_detected: true, ttl_ok: true, revoked: true, enforcement_action: 'TERMINATE', portal_state: ctx.portal.state, receipt_id: receipt.receipt_id, measurement_count: ctx.measurementCount });
55
+ }
56
+ }
57
+ else {
58
+ return ctx.error('Provide either subject_content or subject_bytes_hash');
59
+ }
60
+ const artRef = hashArtifact(ctx.portal.artifact);
61
+ const currentStr = `${currentBytesHash}||${currentMetaHash}`;
62
+ const sealedStr = `${ctx.portal.artifact.subject_identifier.bytes_hash}||${ctx.portal.artifact.subject_identifier.metadata_hash}`;
63
+ let action = null;
64
+ let driftDesc = null;
65
+ if (!match) {
66
+ driftDesc = 'Subject modified - hash mismatch';
67
+ action = ctx.portal.artifact.enforcement_parameters.enforcement_triggers[0] ?? 'ALERT_ONLY';
68
+ if (ctx.portal.state === 'DRIFT_DETECTED') {
69
+ ctx.portal.enforce(action);
70
+ }
71
+ if (action === 'QUARANTINE')
72
+ ctx.quarantine = initQuarantine();
73
+ }
74
+ ctx.measurementCount++;
75
+ const receipt = generateReceipt({
76
+ subjectId: ctx.portal.artifact.subject_identifier,
77
+ artifactRef: artRef,
78
+ currentHash: currentStr,
79
+ sealedHash: sealedStr,
80
+ driftDetected: !match,
81
+ driftDescription: driftDesc,
82
+ action,
83
+ measurementType: ctx.portal.artifact.enforcement_parameters.measurement_types.join(','),
84
+ seq: ctx.portal.sequenceCounter + 1,
85
+ prevLeaf: ctx.portal.lastLeafHash,
86
+ portalKP: ctx.portalKP,
87
+ });
88
+ await ctx.storage.storeReceipt(receipt);
89
+ await ctx.appendToChain('INTERACTION_RECEIPT', {
90
+ receipt_id: receipt.receipt_id,
91
+ drift_detected: !match,
92
+ enforcement_action: action,
93
+ });
94
+ return ctx.json({
95
+ success: true,
96
+ match,
97
+ drift_detected: !match,
98
+ ttl_ok: true,
99
+ revoked: false,
100
+ enforcement_action: action,
101
+ portal_state: ctx.portal.state,
102
+ receipt_id: receipt.receipt_id,
103
+ measurement_count: ctx.measurementCount,
104
+ });
105
+ }
106
+ //# sourceMappingURL=measure-subject.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"measure-subject.js","sourceRoot":"","sources":["../../src/tools/measure-subject.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAYvD,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAwB,EAAE,GAAkB;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;IAClG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,YAAY;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACrG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,YAAY;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAExG,IAAI,gBAAwB,CAAC;IAC7B,IAAI,eAAuB,CAAC;IAC5B,IAAI,KAAc,CAAC;IAEnB,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,yBAAyB;QACzB,gBAAgB,GAAG,IAAI,CAAC,kBAAkB,CAAC;QAC3C,eAAe,GAAG,IAAI,CAAC,qBAAqB,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QACrG,KAAK,GAAG,gBAAgB,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YACtE,eAAe,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QACjF,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,mBAAmB,EAAE,CAAC;YACtD,GAAG,CAAC,MAAc,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QAChC,sCAAsC;QACtC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAC/B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EAC9C,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAC5B,CAAC;QACF,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAC3C,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QACzC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,eAAe,CAAC;gBAC9B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACjG,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,iBAAiB,KAAK,MAAM,CAAC,gBAAgB,EAAE;gBACjG,aAAa,EAAE,IAAI,EAAE,gBAAgB,EAAE,uCAAuC,EAAE,MAAM,EAAE,WAAW;gBACnG,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;gBACvF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ;aAC/F,CAAC,CAAC;YACH,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,kBAAkB,EAAE,WAAW,EAAE,CAAC,CAAC;YAC1I,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,iBAAiB,EAAE,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAClP,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,eAAe,CAAC;gBAC9B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACjG,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,iBAAiB,KAAK,MAAM,CAAC,gBAAgB,EAAE;gBACjG,aAAa,EAAE,IAAI,EAAE,gBAAgB,EAAE,4CAA4C,EAAE,MAAM,EAAE,WAAW;gBACxG,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;gBACvF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ;aAC/F,CAAC,CAAC;YACH,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,kBAAkB,EAAE,WAAW,EAAE,CAAC,CAAC;YAC1I,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,iBAAiB,EAAE,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAChP,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,GAAG,gBAAgB,KAAK,eAAe,EAAE,CAAC;IAC7D,MAAM,SAAS,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAElI,IAAI,MAAM,GAA6B,IAAI,CAAC;IAC5C,IAAI,SAAS,GAAkB,IAAI,CAAC;IAEpC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,SAAS,GAAG,kCAAkC,CAAC;QAC/C,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC;QAC5F,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,gBAAgB,EAAE,CAAC;YAC1C,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,MAAM,KAAK,YAAY;YAAE,GAAG,CAAC,UAAU,GAAG,cAAc,EAAE,CAAC;IACjE,CAAC;IAED,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAEvB,MAAM,OAAO,GAAG,eAAe,CAAC;QAC9B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB;QACjD,WAAW,EAAE,MAAM;QACnB,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,SAAS;QACrB,aAAa,EAAE,CAAC,KAAK;QACrB,gBAAgB,EAAE,SAAS;QAC3B,MAAM;QACN,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;QACvF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC;QACnC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY;QACjC,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACvB,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE;QAC7C,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,cAAc,EAAE,CAAC,KAAK;QACtB,kBAAkB,EAAE,MAAM;KAC3B,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,KAAK;QACL,cAAc,EAAE,CAAC,KAAK;QACtB,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,KAAK;QACd,kBAAkB,EAAE,MAAM;QAC1B,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;KACxC,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,8 @@
1
+ import type { ServerContext } from '../context.js';
2
+ export declare function handleQuarantineStatus(_args: Record<string, never>, ctx: ServerContext): Promise<{
3
+ content: Array<{
4
+ type: "text";
5
+ text: string;
6
+ }>;
7
+ }>;
8
+ //# sourceMappingURL=quarantine-status.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"quarantine-status.d.ts","sourceRoot":"","sources":["../../src/tools/quarantine-status.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,sBAAsB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,aAAa;;;;;GAe5F"}
@@ -0,0 +1,16 @@
1
+ export async function handleQuarantineStatus(_args, ctx) {
2
+ if (ctx.portal.state !== 'PHANTOM_QUARANTINE' && !ctx.quarantine?.active) {
3
+ return ctx.error('Quarantine status unavailable - portal is not in quarantine state', {
4
+ portal_state: ctx.portal.state,
5
+ });
6
+ }
7
+ return ctx.json({
8
+ quarantine_active: ctx.quarantine?.active ?? false,
9
+ started_at: ctx.quarantine?.started_at ?? null,
10
+ inputs_captured: ctx.quarantine?.inputs_captured ?? 0,
11
+ outputs_severed: ctx.quarantine?.outputs_severed ?? false,
12
+ forensic_buffer_size: ctx.quarantine?.forensic_buffer.length ?? 0,
13
+ portal_state: ctx.portal.state,
14
+ });
15
+ }
16
+ //# sourceMappingURL=quarantine-status.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"quarantine-status.js","sourceRoot":"","sources":["../../src/tools/quarantine-status.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,KAA4B,EAAE,GAAkB;IAC3F,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,oBAAoB,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QACzE,OAAO,GAAG,CAAC,KAAK,CAAC,mEAAmE,EAAE;YACpF,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,iBAAiB,EAAE,GAAG,CAAC,UAAU,EAAE,MAAM,IAAI,KAAK;QAClD,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,UAAU,IAAI,IAAI;QAC9C,eAAe,EAAE,GAAG,CAAC,UAAU,EAAE,eAAe,IAAI,CAAC;QACrD,eAAe,EAAE,GAAG,CAAC,UAAU,EAAE,eAAe,IAAI,KAAK;QACzD,oBAAoB,EAAE,GAAG,CAAC,UAAU,EAAE,eAAe,CAAC,MAAM,IAAI,CAAC;QACjE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;KAC/B,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,13 @@
1
+ import type { ServerContext } from '../context.js';
2
+ export interface RevokeArtifactArgs {
3
+ sealed_hash?: string;
4
+ reason: string;
5
+ transition_to?: 'TERMINATED' | 'SAFE_STATE';
6
+ }
7
+ export declare function handleRevokeArtifact(args: RevokeArtifactArgs, ctx: ServerContext): Promise<{
8
+ content: Array<{
9
+ type: "text";
10
+ text: string;
11
+ }>;
12
+ }>;
13
+ //# sourceMappingURL=revoke-artifact.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"revoke-artifact.d.ts","sourceRoot":"","sources":["../../src/tools/revoke-artifact.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,WAAW,kBAAkB;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,YAAY,GAAG,YAAY,CAAC;CAC7C;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,aAAa;;;;;GAsBtF"}
@@ -0,0 +1,24 @@
1
+ import { pkToHex } from '../crypto/sign.js';
2
+ import { utcNow } from '../utils/timestamp.js';
3
+ export async function handleRevokeArtifact(args, ctx) {
4
+ const sealedHash = args.sealed_hash ?? ctx.activeArtifact?.sealed_hash;
5
+ if (!sealedHash)
6
+ return ctx.error('No sealed_hash provided and no active artifact.');
7
+ const transition = args.transition_to ?? 'TERMINATED';
8
+ ctx.portal.revoke(sealedHash, transition);
9
+ const record = {
10
+ artifact_sealed_hash: sealedHash,
11
+ reason: args.reason,
12
+ revoked_by: pkToHex(ctx.issuerKP.publicKey),
13
+ timestamp: utcNow(),
14
+ };
15
+ await ctx.appendToChain('REVOCATION', { ...record, transition_to: transition });
16
+ return ctx.json({
17
+ success: true,
18
+ revoked: sealedHash,
19
+ portal_state: ctx.portal.state,
20
+ reason: args.reason,
21
+ transition_to: transition,
22
+ });
23
+ }
24
+ //# sourceMappingURL=revoke-artifact.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"revoke-artifact.js","sourceRoot":"","sources":["../../src/tools/revoke-artifact.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAU/C,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAwB,EAAE,GAAkB;IACrF,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC;IACvE,IAAI,CAAC,UAAU;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;IAErF,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,IAAI,YAAY,CAAC;IACtD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAqB;QAC/B,oBAAoB,EAAE,UAAU;QAChC,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC3C,SAAS,EAAE,MAAM,EAAE;KACpB,CAAC;IACF,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,GAAG,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC,CAAC;IAEhF,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,UAAU;QACnB,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,aAAa,EAAE,UAAU;KAC1B,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,13 @@
1
+ import type { ServerContext } from '../context.js';
2
+ export interface RotateKeysArgs {
3
+ key_type?: 'issuer' | 'portal' | 'chain';
4
+ keypair?: 'issuer' | 'portal' | 'chain';
5
+ reason?: string;
6
+ }
7
+ export declare function handleRotateKeys(args: RotateKeysArgs, ctx: ServerContext): Promise<{
8
+ content: Array<{
9
+ type: "text";
10
+ text: string;
11
+ }>;
12
+ }>;
13
+ //# sourceMappingURL=rotate-keys.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"rotate-keys.d.ts","sourceRoot":"","sources":["../../src/tools/rotate-keys.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;IACzC,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,aAAa;;;;;GAsC9E"}
@@ -0,0 +1,39 @@
1
+ import { rotateKeys } from '../core/identity.js';
2
+ export async function handleRotateKeys(args, ctx) {
3
+ const keyType = args.key_type ?? args.keypair;
4
+ if (!keyType)
5
+ return ctx.error('Provide key_type or keypair parameter.');
6
+ let result;
7
+ switch (keyType) {
8
+ case 'issuer':
9
+ result = rotateKeys(ctx.issuerKP);
10
+ ctx.issuerKP = result.newKeyPair;
11
+ break;
12
+ case 'portal':
13
+ result = rotateKeys(ctx.portalKP);
14
+ ctx.portalKP = result.newKeyPair;
15
+ break;
16
+ case 'chain':
17
+ result = rotateKeys(ctx.chainKP);
18
+ ctx.chainKP = result.newKeyPair;
19
+ break;
20
+ default:
21
+ return ctx.error(`Invalid key_type: ${keyType}. Must be issuer, portal, or chain.`);
22
+ }
23
+ await ctx.appendToChain('KEY_ROTATION', {
24
+ key_type: keyType,
25
+ old_public_key: result.oldPublicKeyHex,
26
+ new_public_key: result.newPublicKeyHex,
27
+ rotated_at: result.rotatedAt,
28
+ reason: args.reason ?? 'Key rotation',
29
+ });
30
+ return ctx.json({
31
+ success: true,
32
+ key_type: keyType,
33
+ old_public_key: result.oldPublicKeyHex,
34
+ new_public_key: result.newPublicKeyHex,
35
+ rotated_at: result.rotatedAt,
36
+ reason: args.reason,
37
+ });
38
+ }
39
+ //# sourceMappingURL=rotate-keys.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"rotate-keys.js","sourceRoot":"","sources":["../../src/tools/rotate-keys.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AASjD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAoB,EAAE,GAAkB;IAC7E,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC;IAC9C,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAEzE,IAAI,MAAM,CAAC;IACX,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,QAAQ;YACX,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACjC,GAAW,CAAC,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC;YAC1C,MAAM;QACR,KAAK,QAAQ;YACX,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACjC,GAAW,CAAC,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC;YAC1C,MAAM;QACR,KAAK,OAAO;YACV,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAChC,GAAW,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC;YACzC,MAAM;QACR;YACE,OAAO,GAAG,CAAC,KAAK,CAAC,qBAAqB,OAAO,qCAAqC,CAAC,CAAC;IACxF,CAAC;IAED,MAAM,GAAG,CAAC,aAAa,CAAC,cAAc,EAAE;QACtC,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,UAAU,EAAE,MAAM,CAAC,SAAS;QAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,cAAc;KACtC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,UAAU,EAAE,MAAM,CAAC,SAAS;QAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,8 @@
1
+ import type { ServerContext } from '../context.js';
2
+ export declare function handleServerInfo(_args: Record<string, never>, ctx: ServerContext): Promise<{
3
+ content: Array<{
4
+ type: "text";
5
+ text: string;
6
+ }>;
7
+ }>;
8
+ //# sourceMappingURL=server-info.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"server-info.d.ts","sourceRoot":"","sources":["../../src/tools/server-info.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,aAAa;;;;;GAoBtF"}
@@ -0,0 +1,23 @@
1
+ import { pkToHex } from '../crypto/sign.js';
2
+ export async function handleServerInfo(_args, ctx) {
3
+ return ctx.json({
4
+ server: 'AGA MCP Server',
5
+ version: '2.0.0',
6
+ protocol: 'Attested Governance Artifacts v2.0.0',
7
+ nist_references: ['NIST-2025-0035', 'NCCoE AI Agent Identity'],
8
+ framework_alignment: {
9
+ spiffe: 'SPIFFE provides workload identity (SVID); AGA binds governance to workload intent',
10
+ nist_sp_800_57: 'Key management aligned with SP 800-57 recommendations',
11
+ nist_ai_rmf: 'AI Risk Management Framework: Govern, Map, Measure, Manage',
12
+ },
13
+ issuer_public_key: pkToHex(ctx.issuerKP.publicKey),
14
+ portal_public_key: pkToHex(ctx.portalKP.publicKey),
15
+ chain_public_key: pkToHex(ctx.chainKP.publicKey),
16
+ chain_initialized: ctx.chainInitialized,
17
+ portal_state: ctx.portal.state,
18
+ verification_tier: ctx.verificationTier,
19
+ measurement_count: ctx.measurementCount,
20
+ uptime_ms: Date.now() - Date.parse(ctx.startTime),
21
+ });
22
+ }
23
+ //# sourceMappingURL=server-info.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"server-info.js","sourceRoot":"","sources":["../../src/tools/server-info.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG5C,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,KAA4B,EAAE,GAAkB;IACrF,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,MAAM,EAAE,gBAAgB;QACxB,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,sCAAsC;QAChD,eAAe,EAAE,CAAC,gBAAgB,EAAE,yBAAyB,CAAC;QAC9D,mBAAmB,EAAE;YACnB,MAAM,EAAE,mFAAmF;YAC3F,cAAc,EAAE,uDAAuD;YACvE,WAAW,EAAE,4DAA4D;SAC1E;QACD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAClD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAClD,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC;QAChD,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;KAClD,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,11 @@
1
+ import type { ServerContext } from '../context.js';
2
+ export interface SetVerificationTierArgs {
3
+ tier: 'BRONZE' | 'SILVER' | 'GOLD';
4
+ }
5
+ export declare function handleSetVerificationTier(args: SetVerificationTierArgs, ctx: ServerContext): Promise<{
6
+ content: Array<{
7
+ type: "text";
8
+ text: string;
9
+ }>;
10
+ }>;
11
+ //# sourceMappingURL=set-verification-tier.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"set-verification-tier.d.ts","sourceRoot":"","sources":["../../src/tools/set-verification-tier.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;CACpC;AAiBD,wBAAsB,yBAAyB,CAAC,IAAI,EAAE,uBAAuB,EAAE,GAAG,EAAE,aAAa;;;;;GAehG"}
@@ -0,0 +1,31 @@
1
+ const TIER_DESCRIPTIONS = {
2
+ BRONZE: {
3
+ description: 'Cryptographic signatures only - artifact and receipt verification via Ed25519',
4
+ trust_assumption: 'Trust that signing keys are not compromised',
5
+ },
6
+ SILVER: {
7
+ description: 'Signatures plus continuity chain verification - tamper-evident event linkage',
8
+ trust_assumption: 'Trust the chain operator plus key integrity',
9
+ },
10
+ GOLD: {
11
+ description: 'Full verification with blockchain-anchored Merkle proofs - offline-verifiable evidence bundles',
12
+ trust_assumption: 'Minimal trust - cryptographic proof anchored to immutable external ledger',
13
+ },
14
+ };
15
+ export async function handleSetVerificationTier(args, ctx) {
16
+ const validTiers = ['BRONZE', 'SILVER', 'GOLD'];
17
+ if (!validTiers.includes(args.tier)) {
18
+ return ctx.error(`Invalid tier: ${args.tier}. Must be BRONZE, SILVER, or GOLD.`);
19
+ }
20
+ const previousTier = ctx.verificationTier;
21
+ ctx.verificationTier = args.tier;
22
+ const info = TIER_DESCRIPTIONS[args.tier];
23
+ return ctx.json({
24
+ success: true,
25
+ previous_tier: previousTier,
26
+ current_tier: ctx.verificationTier,
27
+ description: info.description,
28
+ trust_assumption: info.trust_assumption,
29
+ });
30
+ }
31
+ //# sourceMappingURL=set-verification-tier.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"set-verification-tier.js","sourceRoot":"","sources":["../../src/tools/set-verification-tier.ts"],"names":[],"mappings":"AAMA,MAAM,iBAAiB,GAAsE;IAC3F,MAAM,EAAE;QACN,WAAW,EAAE,+EAA+E;QAC5F,gBAAgB,EAAE,6CAA6C;KAChE;IACD,MAAM,EAAE;QACN,WAAW,EAAE,8EAA8E;QAC3F,gBAAgB,EAAE,6CAA6C;KAChE;IACD,IAAI,EAAE;QACJ,WAAW,EAAE,gGAAgG;QAC7G,gBAAgB,EAAE,2EAA2E;KAC9F;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,IAA6B,EAAE,GAAkB;IAC/F,MAAM,UAAU,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAU,CAAC;IACzD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAW,CAAC,EAAE,CAAC;QAC3C,OAAO,GAAG,CAAC,KAAK,CAAC,iBAAiB,IAAI,CAAC,IAAI,oCAAoC,CAAC,CAAC;IACnF,CAAC;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,gBAAgB,CAAC;IAC1C,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC;IACjC,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,aAAa,EAAE,YAAY;QAC3B,YAAY,EAAE,GAAG,CAAC,gBAAgB;QAClC,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;KACxC,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,12 @@
1
+ import type { ServerContext } from '../context.js';
2
+ import type { BehavioralBaseline } from '../core/behavioral.js';
3
+ export interface StartMonitoringArgs {
4
+ behavioral_baseline?: BehavioralBaseline;
5
+ }
6
+ export declare function handleStartMonitoring(args: StartMonitoringArgs, ctx: ServerContext): Promise<{
7
+ content: Array<{
8
+ type: "text";
9
+ text: string;
10
+ }>;
11
+ }>;
12
+ //# sourceMappingURL=start-monitoring.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"start-monitoring.d.ts","sourceRoot":"","sources":["../../src/tools/start-monitoring.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAEhE,MAAM,WAAW,mBAAmB;IAClC,mBAAmB,CAAC,EAAE,kBAAkB,CAAC;CAC1C;AAED,wBAAsB,qBAAqB,CAAC,IAAI,EAAE,mBAAmB,EAAE,GAAG,EAAE,aAAa;;;;;GAexF"}
@@ -0,0 +1,17 @@
1
+ export async function handleStartMonitoring(args, ctx) {
2
+ if (!ctx.portal.artifact)
3
+ return ctx.error('No artifact loaded. Call aga_create_artifact first.');
4
+ if (ctx.portal.state !== 'ACTIVE_MONITORING')
5
+ return ctx.error(`Cannot start monitoring in state ${ctx.portal.state}`);
6
+ ctx.behavioralMonitor.reset();
7
+ if (args.behavioral_baseline) {
8
+ ctx.behavioralMonitor.setBaseline(args.behavioral_baseline);
9
+ }
10
+ return ctx.json({
11
+ success: true,
12
+ portal_state: ctx.portal.state,
13
+ monitoring_active: true,
14
+ baseline_set: !!args.behavioral_baseline,
15
+ });
16
+ }
17
+ //# sourceMappingURL=start-monitoring.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"start-monitoring.js","sourceRoot":"","sources":["../../src/tools/start-monitoring.ts"],"names":[],"mappings":"AAOA,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAAyB,EAAE,GAAkB;IACvF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;IAClG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,mBAAmB;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,oCAAoC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IAEvH,GAAG,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;IAC9B,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC7B,GAAG,CAAC,iBAAiB,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,iBAAiB,EAAE,IAAI;QACvB,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB;KACzC,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,15 @@
1
+ import type { ServerContext } from '../context.js';
2
+ export interface TriggerMeasurementArgs {
3
+ subject_content?: string;
4
+ subject_bytes_hash?: string;
5
+ subject_metadata_hash?: string;
6
+ measurement_type?: string;
7
+ subject_metadata?: Record<string, string>;
8
+ }
9
+ export declare function handleTriggerMeasurement(args: TriggerMeasurementArgs, ctx: ServerContext): Promise<{
10
+ content: Array<{
11
+ type: "text";
12
+ text: string;
13
+ }>;
14
+ }>;
15
+ //# sourceMappingURL=trigger-measurement.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"trigger-measurement.d.ts","sourceRoot":"","sources":["../../src/tools/trigger-measurement.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,WAAW,sBAAsB;IACrC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C;AAED,wBAAsB,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,aAAa;;;;;GA2E9F"}