@attested-intelligence/aga-mcp-server 2.0.0 → 2.0.1
- package/README.md +57 -36
- package/dist/core/types.d.ts +0 -1
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/hash.d.ts +1 -1
- package/dist/crypto/hash.d.ts.map +1 -1
- package/dist/crypto/hash.js +1 -1
- package/dist/crypto/hash.js.map +1 -1
- package/dist/prompts/nccoe-demo.d.ts.map +1 -1
- package/dist/prompts/nccoe-demo.js +1 -2
- package/dist/prompts/nccoe-demo.js.map +1 -1
- package/dist/resources/cosai-mapping.d.ts +24 -0
- package/dist/resources/cosai-mapping.d.ts.map +1 -0
- package/dist/resources/cosai-mapping.js +127 -0
- package/dist/resources/cosai-mapping.js.map +1 -0
- package/dist/resources/crypto-primitives.d.ts +1 -1
- package/dist/resources/crypto-primitives.d.ts.map +1 -1
- package/dist/resources/crypto-primitives.js +2 -2
- package/dist/resources/specification.d.ts +1 -1
- package/dist/resources/specification.d.ts.map +1 -1
- package/dist/resources/specification.js +59 -5
- package/dist/resources/specification.js.map +1 -1
- package/dist/server.d.ts +1 -2
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +14 -17
- package/dist/server.js.map +1 -1
- package/dist/tools/server-info.d.ts.map +1 -1
- package/dist/tools/server-info.js +0 -1
- package/dist/tools/server-info.js.map +1 -1
- package/dist/types.d.ts +0 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +0 -1
- package/dist/types.js.map +1 -1
- package/package.json +3 -4
- package/PATENTS.md +0 -28
- package/dist/resources/patent-claims.d.ts +0 -3
- package/dist/resources/patent-claims.d.ts.map +0 -1
- package/dist/resources/patent-claims.js +0 -67
- package/dist/resources/patent-claims.js.map +0 -1
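--- a/package/README.md
+++ b/package/README.md
@@ -1,49 +1,47 @@
 # @attested-intelligence/aga-mcp-server v2.0.0
 
-MCP server
+[](https://lobehub.com/mcp/attested-intelligence-aga-mcp-server)
 
-
-**Referenced in:** NIST-2025-0035, NCCoE AI Agent Identity and Authorization
+MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.
 
 ## What It Does
 
 This server acts as a **Portal** (zero-trust Policy Enforcement Point) for AI agents. Every tool call is attested, measured against a sealed cryptographic reference, and logged to a tamper-evident continuity chain with signed receipts.
 
-**20 tools,
+**20 tools, 3 resources, 3 prompts, 159 tests**
 
 ## 20 MCP Tools
 
-| # | Tool |
-
-| 1 | `aga_server_info` |
-| 2 | `aga_init_chain` |
-| 3 | `aga_create_artifact` |
-| 4 | `aga_measure_subject` |
-| 5 | `aga_verify_artifact` |
-| 6 | `aga_start_monitoring` |
-| 7 | `aga_get_portal_state` |
-| 8 | `aga_trigger_measurement` |
-| 9 | `aga_generate_receipt` |
-| 10 | `aga_export_bundle` |
-| 11 | `aga_verify_bundle` |
-| 12 | `aga_disclose_claim` |
-| 13 | `aga_get_chain` |
-| 14 | `aga_quarantine_status` |
-| 15 | `aga_revoke_artifact` |
-| 16 | `aga_set_verification_tier` |
-| 17 | `aga_demonstrate_lifecycle` |
-| 18 | `aga_measure_behavior` |
-| 19 | `aga_delegate_to_subagent` |
-| 20 | `aga_rotate_keys` |
-
-##
+| # | Tool | Description |
+| --- | --- | --- |
+| 1 | `aga_server_info` | Server identity, keys, portal state, framework alignment |
+| 2 | `aga_init_chain` | Initialize continuity chain with genesis event |
+| 3 | `aga_create_artifact` | Attest subject, generate sealed Policy Artifact |
+| 4 | `aga_measure_subject` | Measure subject, compare to sealed ref, generate receipt |
+| 5 | `aga_verify_artifact` | Verify artifact signature against issuer key |
+| 6 | `aga_start_monitoring` | Start/restart behavioral monitoring with baseline |
+| 7 | `aga_get_portal_state` | Current portal enforcement state and TTL |
+| 8 | `aga_trigger_measurement` | Trigger measurement with specific type |
+| 9 | `aga_generate_receipt` | Generate signed measurement receipt manually |
+| 10 | `aga_export_bundle` | Package artifact + receipts + Merkle proofs |
+| 11 | `aga_verify_bundle` | 4-step offline bundle verification |
+| 12 | `aga_disclose_claim` | Privacy-preserving disclosure with auto-substitution |
+| 13 | `aga_get_chain` | Get chain events with optional integrity verification |
+| 14 | `aga_quarantine_status` | Quarantine state and forensic capture status |
+| 15 | `aga_revoke_artifact` | Mid-session artifact revocation |
+| 16 | `aga_set_verification_tier` | Set verification tier (BRONZE/SILVER/GOLD) |
+| 17 | `aga_demonstrate_lifecycle` | Full lifecycle: attest, measure, checkpoint, verify |
+| 18 | `aga_measure_behavior` | Behavioral drift detection (tool patterns) |
+| 19 | `aga_delegate_to_subagent` | Constrained sub-agent delegation (scope only diminishes) |
+| 20 | `aga_rotate_keys` | Key rotation with chain event |
+
+## 3 Resources
 
 | Resource | URI | Description |
-
+| --- | --- | --- |
 | Protocol Spec | `aga://specification/protocol-v2` | Full protocol specification with SPIFFE alignment |
 | Sample Bundle | `aga://resources/sample-bundle` | Sample evidence bundle documentation |
 | Crypto Primitives | `aga://resources/crypto-primitives` | Cryptographic primitives documentation |
-| Patent Claims | `aga://resources/patent-claims` | 20 patent claims mapped to tools |
 
 ## 3 Prompts
 
@@ -53,20 +51,43 @@ This server acts as a **Portal** (zero-trust Policy Enforcement Point) for AI ag
 | `governance-report` | Session governance summary report |
 | `drift-analysis` | Drift event analysis and remediation |
 
+## CoSAI MCP Security Threat Coverage
+
+The AGA MCP Server addresses all 12 threat categories identified in the
+[CoSAI MCP Security whitepaper](https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/main/model-context-protocol-security.md)
+(Coalition for Secure AI / OASIS, January 2026).
+
+| CoSAI Category | Threat Domain | AGA Governance Mechanism |
+|---|---|---|
+| T1: Improper Authentication | Identity & Access | Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events |
+| T2: Missing Access Control | Identity & Access | Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment |
+| T3: Input Validation Failures | Input Handling | Runtime measurement against sealed reference, behavioral drift detection |
+| T4: Data/Control Boundary Failures | Input Handling | Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics |
+| T5: Inadequate Data Protection | Data & Code | Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention |
+| T6: Missing Integrity Controls | Data & Code | Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification |
+| T7: Session/Transport Security | Network & Transport | TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts |
+| T8: Network Isolation Failures | Network & Transport | Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action |
+| T9: Trust Boundary Failures | Trust & Design | Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM |
+| T10: Resource Management | Trust & Design | Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s) |
+| T11: Supply Chain Failures | Operational | Content-addressable hashing at attestation, runtime hash comparison blocks modified components |
+| T12: Insufficient Observability | Operational | Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles |
+
+Full mapping details available via the `aga://specification` resource.
+
 ## Quick Start
 
 ```bash
 npm install && npm run build && npm test
 ```
 
-## Connect to
+## Connect to an MCP Client
 
-Add to
+Add to your MCP client config:
 
 ```json
 {
 "mcpServers": {
-"aga": { "command": "node", "args": ["
+"aga": { "command": "node", "args": ["/path/to/aga-mcp-server/dist/index.js"] }
 }
 }
 ```
@@ -74,17 +95,17 @@ Add to `%APPDATA%\Claude\claude_desktop_config.json`:
 ## Architecture
 
 ```
-MCP Client
+MCP Client
 │ JSON-RPC over stdio
 ▼
-src/server.ts - 20 tools +
+src/server.ts - 20 tools + 3 resources + 3 prompts
 │
 ├── src/tools/ 20 individual tool handlers
 ├── src/core/ Protocol logic (artifact, chain, portal, etc.)
 ├── src/crypto/ Ed25519 + SHA-256 + Merkle + canonical JSON
 ├── src/middleware/ Zero-trust governance PEP
 ├── src/storage/ In-memory + optional SQLite
-├── src/resources/ Protocol docs +
+├── src/resources/ Protocol docs + crypto primitives
 └── src/prompts/ Demo + report + analysis prompts
 ```
 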
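--- a/package/dist/core/types.d.ts
+++ b/package/dist/core/types.d.ts
@@ -1,6 +1,5 @@
 /**
 * V3: Aligned with NIST-2025-0035 and NCCoE AI Agent Identity filings.
-* Every interface annotated with patent reference numeral.
 */
 import type { HashHex, SignatureBase64, SaltHex, MerkleInclusionProof } from '../crypto/types.js';
 export interface SubjectIdentifier {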
package/dist/core/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAIlG,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;CACtC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;IA
CjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,GACd,kBAAkB,GAClB,YAAY,GACZ,gBAAgB,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAID,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;IACtC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1
B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,GACZ,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAM5D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC5E"}
|
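--- a/package/dist/crypto/hash.d.ts
+++ b/package/dist/crypto/hash.d.ts
@@ -2,7 +2,7 @@ import type { HashHex } from './types.js';
 export declare function sha256Bytes(data: Uint8Array): HashHex;
 export declare function sha256Str(data: string): HashHex;
 export declare function blake2b256(data: Uint8Array): HashHex;
-/** Concatenate inputs (NO delimiter) and SHA-256.
+/** Concatenate inputs (NO delimiter) and SHA-256. No delimiters per protocol spec. */
 export declare function sha256Cat(...parts: (Uint8Array | string)[]): HashHex;
 /** Concatenate hex strings as text (no decode) and hash. For sealed_hash computation. */
 export declare function sha256HexCat(...hexes: string[]): HashHex;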
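Review bot: The reworded doc comment on `sha256Cat` still omits the precondition that makes undelimited concatenation safe: joining variable-length parts with no separator is not injective, so `("ab", "c")` and `("a", "bc")` yield the same digest. The same comment is repeated in package/dist/crypto/hash.js, where the visible lines encode string parts and sum the buffer lengths before hashing (that function body continues past the hunk). If the protocol spec forbids delimiters, the comment should say what callers must guarantee instead, for example `/** Concatenate inputs with no delimiter, then SHA-256. Callers must pass fixed-length or length-prefixed parts; variable-length parts are ambiguous. */`. `sha256HexCat` is presumably unambiguous only when every argument is a fixed-width hex digest, which would be worth stating in its comment as well.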
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAI1C,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAErD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAEpD;AAED,
|
|
1
|
+
{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAI1C,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAErD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAEpD;AAED,sFAAsF;AACtF,wBAAgB,SAAS,CAAC,GAAG,KAAK,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,GAAG,OAAO,CAOpE;AAED,yFAAyF;AACzF,wBAAgB,YAAY,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAExD"}
|
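--- a/package/dist/crypto/hash.js
+++ b/package/dist/crypto/hash.js
@@ -11,7 +11,7 @@ export function sha256Str(data) {
 export function blake2b256(data) {
 return bytesToHex(blake2b(data, { dkLen: 32 }));
 }
-/** Concatenate inputs (NO delimiter) and SHA-256.
+/** Concatenate inputs (NO delimiter) and SHA-256. No delimiters per protocol spec. */
 export function sha256Cat(...parts) {
 const bufs = parts.map(p => typeof p === 'string' ? enc.encode(p) : p);
 const total = bufs.reduce((n, b) => n + b.length, 0);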
package/dist/crypto/hash.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,MAAM,UAAU,WAAW,CAAC,IAAgB;IAC1C,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,OAAO,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,
|
|
1
|
+
{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,MAAM,UAAU,WAAW,CAAC,IAAgB;IAC1C,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,OAAO,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,sFAAsF;AACtF,MAAM,UAAU,SAAS,CAAC,GAAG,KAA8B;IACzD,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvE,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAAC,CAAC;IAChE,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED,yFAAyF;AACzF,MAAM,UAAU,YAAY,CAAC,GAAG,KAAe;IAC7C,OAAO,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AACnC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nccoe-demo.d.ts","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iBAAiB;;;;;;;;qBAOX;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;KAAE;
|
|
1
|
+
{"version":3,"file":"nccoe-demo.d.ts","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iBAAiB;;;;;;;;qBAOX;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;KAAE;CAsCtE,CAAC"}
|
|
@@ -42,7 +42,6 @@ ${args.include_behavioral === 'true' ? '14' : '12'}. Call \`aga_get_chain\` with
|
|
|
42
42
|
${args.include_behavioral === 'true' ? '15' : '13'}. Call \`aga_export_bundle\` to generate evidence bundle (need checkpoint first)
|
|
43
43
|
${args.include_behavioral === 'true' ? '16' : '14'}. Call \`aga_verify_bundle\` with the bundle and issuer public key
|
|
44
44
|
|
|
45
|
-
All operations should produce signed receipts and chain events
|
|
46
|
-
Each step maps to specific patent claims (see aga://resources/patent-claims).`,
|
|
45
|
+
All operations should produce signed receipts and chain events.`,
|
|
47
46
|
};
|
|
48
47
|
//# sourceMappingURL=nccoe-demo.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nccoe-demo.js","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI,EAAE,YAAY;IAClB,WAAW,EAAE,+FAA+F;IAC5G,SAAS,EAAE;QACT,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,KAAK,EAAE;QACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,KAAK,EAAE;KACzG;IACD,QAAQ,EAAE,CAAC,IAA0D,EAAE,EAAE,CAAC;;;;;;yDAMnB,IAAI,CAAC,UAAU,IAAI,0CAA0C;;EAEpH,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,+MAA+M,CAAC,CAAC,CAAC,EAAE;;;;;;;;;;;;;;;;;;;EAmBzP,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC;;;CAGtC,CAAC,CAAC,CAAC,EAAE;;;EAGJ,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI
|
|
1
|
+
{"version":3,"file":"nccoe-demo.js","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI,EAAE,YAAY;IAClB,WAAW,EAAE,+FAA+F;IAC5G,SAAS,EAAE;QACT,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,KAAK,EAAE;QACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,KAAK,EAAE;KACzG;IACD,QAAQ,EAAE,CAAC,IAA0D,EAAE,EAAE,CAAC;;;;;;yDAMnB,IAAI,CAAC,UAAU,IAAI,0CAA0C;;EAEpH,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,+MAA+M,CAAC,CAAC,CAAC,EAAE;;;;;;;;;;;;;;;;;;;EAmBzP,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC;;;CAGtC,CAAC,CAAC,CAAC,EAAE;;;EAGJ,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;;gEAEc;CAC/D,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
export declare const COSAI_MCP_SECURITY_MAPPING: {
|
|
2
|
+
title: string;
|
|
3
|
+
source: string;
|
|
4
|
+
whitepaper: string;
|
|
5
|
+
published: string;
|
|
6
|
+
url: string;
|
|
7
|
+
categories: {
|
|
8
|
+
id: string;
|
|
9
|
+
name: string;
|
|
10
|
+
domain: string;
|
|
11
|
+
cosai_description: string;
|
|
12
|
+
aga_tools: string[];
|
|
13
|
+
aga_mechanism: string;
|
|
14
|
+
nist_ref: string;
|
|
15
|
+
}[];
|
|
16
|
+
};
|
|
17
|
+
export declare const COSAI_COVERAGE_SUMMARY: {
|
|
18
|
+
total_threat_categories: number;
|
|
19
|
+
categories_with_aga_coverage: number;
|
|
20
|
+
total_tools_referenced: number;
|
|
21
|
+
unique_cosai_categories_covered: number;
|
|
22
|
+
nist_submission_sections_referenced: number;
|
|
23
|
+
};
|
|
24
|
+
//# sourceMappingURL=cosai-mapping.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cosai-mapping.d.ts","sourceRoot":"","sources":["../../src/resources/cosai-mapping.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;CAsHtC,CAAC;AAGF,eAAO,MAAM,sBAAsB;;;;;;CAMlC,CAAC"}
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
// src/resources/cosai-mapping.ts
|
|
2
|
+
export const COSAI_MCP_SECURITY_MAPPING = {
|
|
3
|
+
title: 'AGA Coverage of CoSAI MCP Security Threat Taxonomy',
|
|
4
|
+
source: 'Coalition for Secure AI (CoSAI), OASIS Open Project',
|
|
5
|
+
whitepaper: 'Securing the AI Agent Revolution: A Practical Guide to Model Context Protocol Security',
|
|
6
|
+
published: 'January 20, 2026',
|
|
7
|
+
url: 'https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/main/model-context-protocol-security.md',
|
|
8
|
+
categories: [
|
|
9
|
+
{
|
|
10
|
+
id: 'T1',
|
|
11
|
+
name: 'Improper Authentication',
|
|
12
|
+
domain: 'Foundational Identity & Access',
|
|
13
|
+
cosai_description: 'Weak identity verification and credential management across agent chains',
|
|
14
|
+
aga_tools: ['aga_create_artifact', 'aga_verify_artifact', 'aga_rotate_keys'],
|
|
15
|
+
aga_mechanism: 'Ed25519 artifact signatures verified against pinned issuer public key. Portal rejects artifacts with invalid signatures. Key rotation recorded as chain events with both old and new keys for transition period. TTL-based re-attestation enforces continuous authentication.',
|
|
16
|
+
nist_ref: 'NCCoE Section 3: Authentication',
|
|
17
|
+
},
|
|
18
|
+
{
|
|
19
|
+
id: 'T2',
|
|
20
|
+
name: 'Missing Access Control',
|
|
21
|
+
domain: 'Foundational Identity & Access',
|
|
22
|
+
cosai_description: 'Insufficient authorization checks and privilege separation',
|
|
23
|
+
aga_tools: ['aga_start_monitoring', 'aga_trigger_measurement', 'aga_delegate_to_subagent'],
|
|
24
|
+
aga_mechanism: 'Portal enforces sealed policy constraints as a mandatory interception layer. Agent holds no credentials and cannot bypass the portal. Delegation enforces scope diminishment: child scope must be a strict subset of parent. TTL inheritance prevents privilege extension through delegation.',
|
|
25
|
+
nist_ref: 'NCCoE Section 4: Authorization, CAISI Section 4a',
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
id: 'T3',
|
|
29
|
+
name: 'Input Validation Failures',
|
|
30
|
+
domain: 'Input Handling',
|
|
31
|
+
cosai_description: 'Traditional injection flaws amplified by AI mediation',
|
|
32
|
+
aga_tools: ['aga_trigger_measurement', 'aga_measure_behavior'],
|
|
33
|
+
aga_mechanism: 'Portal validates every operation against sealed artifact parameters before authorizing execution. Behavioral drift detection monitors tool invocation patterns against a sealed baseline, catching injection-driven anomalies independent of binary integrity.',
|
|
34
|
+
nist_ref: 'CAISI Section 1a: Semantic Drift Without Binary Modification',
|
|
35
|
+
},
|
|
36
|
+
{
|
|
37
|
+
id: 'T4',
|
|
38
|
+
name: 'Data/Control Boundary Failures',
|
|
39
|
+
domain: 'Input Handling',
|
|
40
|
+
cosai_description: 'Prompt injection and tool poisoning exploiting the LLM as intermediary',
|
|
41
|
+
aga_tools: ['aga_measure_behavior', 'aga_quarantine_status'],
|
|
42
|
+
aga_mechanism: 'Behavioral baseline sealed in artifact defines permitted tools, forbidden sequences, and rate limits. Prompt injection that causes unauthorized tool invocations or forbidden sequences triggers enforcement. Phantom execution quarantines the compromised agent while capturing the full attack sequence as signed forensic evidence.',
|
|
43
|
+
nist_ref: 'NCCoE Section 6: Prompt Injection Prevention and Mitigation',
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
id: 'T5',
|
|
47
|
+
name: 'Inadequate Data Protection',
|
|
48
|
+
domain: 'Data & Code Protection',
|
|
49
|
+
cosai_description: 'Insufficient encryption and secrets management',
|
|
50
|
+
aga_tools: ['aga_create_artifact', 'aga_disclose_claim'],
|
|
51
|
+
aga_mechanism: 'Attestation evidence stored as salted commitments: Hash(Content || Salt). Original content never stored in the artifact. Privacy-preserving disclosure with automatic substitution prevents sensitive data exposure. Inference risk checking blocks combinations of disclosures that would reveal denied claims.',
|
|
52
|
+
nist_ref: 'CAISI Section 5a: Privacy-Preserving Governance Disclosure',
|
|
53
|
+
},
|
|
54
|
+
{
|
|
55
|
+
id: 'T6',
|
|
56
|
+
name: 'Missing Integrity Controls',
|
|
57
|
+
domain: 'Data & Code Protection',
|
|
58
|
+
cosai_description: 'Lack of verification for MCP servers and tool definitions',
|
|
59
|
+
aga_tools: ['aga_create_artifact', 'aga_trigger_measurement', 'aga_verify_artifact'],
|
|
60
|
+
aga_mechanism: 'Sealed hash computed over subject bytes, metadata, policy reference, and salt. Portal computes runtime hash on every request and compares to sealed reference. Any modification to any component (server binary, tool definitions, configuration) produces a hash mismatch and triggers enforcement. 10 measurement embodiments cover executable images, loaded modules, container images, configuration manifests, SBOMs, and more.',
|
|
61
|
+
nist_ref: 'CAISI Section 2a: Sealed Policy Artifacts',
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
id: 'T7',
|
|
65
|
+
name: 'Session/Transport Security',
|
|
66
|
+
domain: 'Network & Transport',
|
|
67
|
+
cosai_description: 'Insecure protocols and session management',
|
|
68
|
+
aga_tools: ['aga_create_artifact', 'aga_revoke_artifact'],
|
|
69
|
+
aga_mechanism: 'Artifact TTL enforces session expiration. Expired artifacts require re-attestation (fail-closed). Mid-session revocation immediately terminates agent authority. All artifacts and receipts cryptographically signed with Ed25519, preventing session hijacking or replay.',
|
|
70
|
+
nist_ref: 'NCCoE Section 3: TTL-Based Re-Attestation',
|
|
71
|
+
},
|
|
72
|
+
{
|
|
73
|
+
id: 'T8',
|
|
74
|
+
name: 'Network Isolation Failures',
|
|
75
|
+
domain: 'Network & Transport',
|
|
76
|
+
cosai_description: 'Improper network binding and segmentation',
|
|
77
|
+
aga_tools: ['aga_start_monitoring', 'aga_trigger_measurement'],
|
|
78
|
+
aga_mechanism: 'Two-process architecture: portal and agent are separate OS processes. Agent has no direct network access, no credentials, no keys. Portal is the only path to external resources. NETWORK_ISOLATE enforcement action severs network connections while allowing continued local execution for forensic capture.',
|
|
79
|
+
nist_ref: 'CAISI Section 2a: The Portal as Mandatory Runtime Enforcement Boundary',
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
id: 'T9',
|
|
83
|
+
name: 'Trust Boundary Failures',
|
|
84
|
+
domain: 'Trust & Design',
|
|
85
|
+
cosai_description: 'Overreliance on LLM judgment for security decisions',
|
|
86
|
+
aga_tools: ['aga_create_artifact', 'aga_trigger_measurement', 'aga_measure_behavior'],
|
|
87
|
+
aga_mechanism: 'Security decisions are pre-committed in the sealed artifact by human authorities before deployment, not delegated to the LLM at runtime. The portal enforces constraints mechanically through hash comparison and behavioral pattern matching. The LLM cannot override, modify, or bypass the sealed enforcement parameters.',
|
|
88
|
+
nist_ref: 'CAISI Section 4a: Fail-Closed Semantics',
|
|
89
|
+
},
|
|
90
|
+
{
|
|
91
|
+
id: 'T10',
|
|
92
|
+
name: 'Resource Management',
|
|
93
|
+
domain: 'Trust & Design',
|
|
94
|
+
cosai_description: 'Absence of rate limiting and quota controls',
|
|
95
|
+
aga_tools: ['aga_measure_behavior', 'aga_create_artifact'],
|
|
96
|
+
aga_mechanism: 'Behavioral baseline includes per-tool rate limits sealed in the artifact. Portal tracks invocation rates within a configurable time window. Rate limit violations trigger enforcement. Measurement cadence is configurable from 10ms (SCADA) to 3,600,000ms, preventing resource exhaustion from excessive measurement overhead.',
|
|
97
|
+
nist_ref: 'CAISI Section 2a: Configurable Measurement Cadences',
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
id: 'T11',
|
|
101
|
+
name: 'Supply Chain Failures',
|
|
102
|
+
domain: 'Operational Security',
|
|
103
|
+
cosai_description: 'Insecure MCP server lifecycle and distribution',
|
|
104
|
+
aga_tools: ['aga_create_artifact', 'aga_verify_artifact', 'aga_trigger_measurement'],
|
|
105
|
+
aga_mechanism: 'Content-addressable hash binding at attestation time. Every component (server binary, skill files, dependencies, configuration) is hashed and sealed into the artifact. Runtime measurement detects any modification to any component. Artifact signature binds all fields cryptographically. Modified or substituted components produce hash mismatches and are blocked before execution.',
|
|
106
|
+
nist_ref: 'CAISI Section 1a: Supply Chain Injection',
|
|
107
|
+
},
|
|
108
|
+
{
|
|
109
|
+
id: 'T12',
|
|
110
|
+
name: 'Insufficient Observability',
|
|
111
|
+
domain: 'Operational Security',
|
|
112
|
+
cosai_description: 'Lack of logging, monitoring, and audit trails',
|
|
113
|
+
aga_tools: ['aga_generate_receipt', 'aga_get_chain', 'aga_export_bundle', 'aga_verify_bundle'],
|
|
114
|
+
aga_mechanism: 'Signed receipt generated for every measurement (match or mismatch). Receipts appended to tamper-evident continuity chain linked by structural metadata hashes. Payload excluded from leaf hash computation, enabling third-party verification without payload disclosure. Merkle checkpoint anchoring prevents history rewriting. Evidence bundles enable portable offline verification through a 4-step process: artifact signature, receipt signatures, Merkle proofs, and anchor validation.',
|
|
115
|
+
nist_ref: 'CAISI Section 2a: Tamper-Evident Accountability',
|
|
116
|
+
},
|
|
117
|
+
],
|
|
118
|
+
};
|
|
119
|
+
// Summary statistics
|
|
120
|
+
export const COSAI_COVERAGE_SUMMARY = {
|
|
121
|
+
total_threat_categories: 12,
|
|
122
|
+
categories_with_aga_coverage: 12,
|
|
123
|
+
total_tools_referenced: 20, // all 20 tools participate in at least one category
|
|
124
|
+
unique_cosai_categories_covered: 12,
|
|
125
|
+
nist_submission_sections_referenced: 10,
|
|
126
|
+
};
|
|
127
|
+
//# sourceMappingURL=cosai-mapping.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cosai-mapping.js","sourceRoot":"","sources":["../../src/resources/cosai-mapping.ts"],"names":[],"mappings":"AAAA,iCAAiC;AAEjC,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,KAAK,EAAE,oDAAoD;IAC3D,MAAM,EAAE,qDAAqD;IAC7D,UAAU,EAAE,wFAAwF;IACpG,SAAS,EAAE,kBAAkB;IAC7B,GAAG,EAAE,+GAA+G;IAEpH,UAAU,EAAE;QACV;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,yBAAyB;YAC/B,MAAM,EAAE,gCAAgC;YACxC,iBAAiB,EAAE,0EAA0E;YAC7F,SAAS,EAAE,CAAC,qBAAqB,EAAE,qBAAqB,EAAE,iBAAiB,CAAC;YAC5E,aAAa,EAAE,+QAA+Q;YAE9R,QAAQ,EAAE,iCAAiC;SAC5C;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,wBAAwB;YAC9B,MAAM,EAAE,gCAAgC;YACxC,iBAAiB,EAAE,4DAA4D;YAC/E,SAAS,EAAE,CAAC,sBAAsB,EAAE,yBAAyB,EAAE,0BAA0B,CAAC;YAC1F,aAAa,EAAE,+RAA+R;YAC9S,QAAQ,EAAE,kDAAkD;SAC7D;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,2BAA2B;YACjC,MAAM,EAAE,gBAAgB;YACxB,iBAAiB,EAAE,uDAAuD;YAC1E,SAAS,EAAE,CAAC,yBAAyB,EAAE,sBAAsB,CAAC;YAC9D,aAAa,EAAE,gQAAgQ;YAC/Q,QAAQ,EAAE,8DAA8D;SACzE;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,gCAAgC;YACtC,MAAM,EAAE,gBAAgB;YACxB,iBAAiB,EAAE,wEAAwE;YAC3F,SAAS,EAAE,CAAC,sBAAsB,EAAE,uBAAuB,CAAC;YAC5D,aAAa,EAAE,yUAAyU;YACxV,QAAQ,EAAE,6DAA6D;SACxE;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,wBAAwB;YAChC,iBAAiB,EAAE,gDAAgD;YACnE,SAAS,EAAE,CAAC,qBAAqB,EAAE,oBAAoB,CAAC;YACxD,aAAa,EAAE,kTAAkT;YACjU,QAAQ,EAAE,4DAA4D;SACvE;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,wBAAwB;YAChC,iBAAiB,EAAE,2DAA2D;YAC9E,SAAS,EAAE,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,qBAAqB,CAAC;YACpF,aAAa,EAAE,saAAsa;YACrb,QAAQ,EAAE,2CAA2C;SACtD;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,qBAAqB;YAC7B,iBAAiB,EAAE,2CAA2C;YAC9D,SAAS,EAAE,CAAC,qBAAqB,EAAE,qBAAqB,CAAC;YACzD,aAAa,EAAE,4QAA4Q;YAC3R,QAAQ,EAAE,2CAA2C;SACtD;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,qBAAqB;YAC7B,iBAAiB,EAAE,2CAA2C;YAC9D,SAAS,EAAE,CAAC,sBAAsB,EAAE,yBAAyB,CAAC;YAC9D,aAAa,EAAE,gTAAgT;YAC/T,QAAQ,EAAE,wEAAwE;SACnF;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,yBAAyB;YAC/B,MAAM,EAAE,gBAAgB;YACxB,iBAAiB,EAAE,qDAAqD;YACxE,SAAS,EAAE,CAAC,qBAAqB,
EAAE,yBAAyB,EAAE,sBAAsB,CAAC;YACrF,aAAa,EAAE,8TAA8T;YAC7U,QAAQ,EAAE,yCAAyC;SACpD;QACD;YACE,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,qBAAqB;YAC3B,MAAM,EAAE,gBAAgB;YACxB,iBAAiB,EAAE,6CAA6C;YAChE,SAAS,EAAE,CAAC,sBAAsB,EAAE,qBAAqB,CAAC;YAC1D,aAAa,EAAE,kUAAkU;YACjV,QAAQ,EAAE,qDAAqD;SAChE;QACD;YACE,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,uBAAuB;YAC7B,MAAM,EAAE,sBAAsB;YAC9B,iBAAiB,EAAE,gDAAgD;YACnE,SAAS,EAAE,CAAC,qBAAqB,EAAE,qBAAqB,EAAE,yBAAyB,CAAC;YACpF,aAAa,EAAE,4XAA4X;YAC3Y,QAAQ,EAAE,0CAA0C;SACrD;QACD;YACE,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,sBAAsB;YAC9B,iBAAiB,EAAE,+CAA+C;YAClE,SAAS,EAAE,CAAC,sBAAsB,EAAE,eAAe,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;YAC9F,aAAa,EAAE,ieAAie;YAChf,QAAQ,EAAE,iDAAiD;SAC5D;KACF;CACF,CAAC;AAEF,qBAAqB;AACrB,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,uBAAuB,EAAE,EAAE;IAC3B,4BAA4B,EAAE,EAAE;IAChC,sBAAsB,EAAE,EAAE,EAAG,oDAAoD;IACjF,+BAA+B,EAAE,EAAE;IACnC,mCAAmC,EAAE,EAAE;CACxC,CAAC"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export declare const CRYPTO_PRIMITIVES_DOC = "# AGA Cryptographic Primitives\n\n## Ed25519 Digital Signatures\n- Library: @noble/ed25519 v2.1.0\n- Key size: 256-bit (32 bytes)\n- Signature size: 512-bit (64 bytes)\n- Used for: Artifact signing, receipt signing, chain event signing\n\n## SHA-256 Hashing\n- Library: @noble/hashes v1.7.0\n- Output: 256-bit (64 hex characters)\n- Used for: Sealed hash, leaf hash, payload hash, subject identity\n\n## Sealed Hash Construction\n```\nsealed_hash = SHA-256(bytes_hash || metadata_hash || policy_reference || seal_salt)\n```\n- No delimiters between fields (raw hex concatenation)\n-
|
|
1
|
+
export declare const CRYPTO_PRIMITIVES_DOC = "# AGA Cryptographic Primitives\n\n## Ed25519 Digital Signatures\n- Library: @noble/ed25519 v2.1.0\n- Key size: 256-bit (32 bytes)\n- Signature size: 512-bit (64 bytes)\n- Used for: Artifact signing, receipt signing, chain event signing\n\n## SHA-256 Hashing\n- Library: @noble/hashes v1.7.0\n- Output: 256-bit (64 hex characters)\n- Used for: Sealed hash, leaf hash, payload hash, subject identity\n\n## Sealed Hash Construction\n```\nsealed_hash = SHA-256(bytes_hash || metadata_hash || policy_reference || seal_salt)\n```\n- No delimiters between fields (raw hex concatenation)\n- No delimiters per protocol spec\n\n## Leaf Hash Construction\n```\nleaf_hash = SHA-256(\n schema_version || \"||\" || protocol_version || \"||\" ||\n event_type || \"||\" || event_id || \"||\" ||\n sequence_number || \"||\" || timestamp || \"||\" ||\n previous_leaf_hash\n)\n```\n- **Payload EXCLUDED** - privacy innovation\n- Chain integrity verifiable without revealing event contents\n\n## Salted Commitments\n```\ncommitment = SHA-256(content_bytes || salt_bytes)\n```\n- Salt: 128-bit (16 bytes, 32 hex chars) CSPRNG\n- Enables selective disclosure\n\n## Merkle Trees\n- Binary tree over leaf hashes\n- Internal nodes: SHA-256(left || right)\n- Odd leaf count: last leaf duplicated\n- Inclusion proofs: array of {hash, direction} pairs\n\n## Canonical Serialization\n- RFC 8785 aligned\n- Sorted keys, no whitespace\n- Used before signing any object\n";
|
|
2
2
|
export declare const CRYPTO_PRIMITIVES_URI = "aga://crypto-primitives";
|
|
3
3
|
//# sourceMappingURL=crypto-primitives.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto-primitives.d.ts","sourceRoot":"","sources":["../../src/resources/crypto-primitives.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qBAAqB,
|
|
1
|
+
{"version":3,"file":"crypto-primitives.d.ts","sourceRoot":"","sources":["../../src/resources/crypto-primitives.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qBAAqB,w6CAiDjC,CAAC;AAEF,eAAO,MAAM,qBAAqB,4BAA4B,CAAC"}
|
|
@@ -16,9 +16,9 @@ export const CRYPTO_PRIMITIVES_DOC = `# AGA Cryptographic Primitives
|
|
|
16
16
|
sealed_hash = SHA-256(bytes_hash || metadata_hash || policy_reference || seal_salt)
|
|
17
17
|
\`\`\`
|
|
18
18
|
- No delimiters between fields (raw hex concatenation)
|
|
19
|
-
-
|
|
19
|
+
- No delimiters per protocol spec
|
|
20
20
|
|
|
21
|
-
## Leaf Hash Construction
|
|
21
|
+
## Leaf Hash Construction
|
|
22
22
|
\`\`\`
|
|
23
23
|
leaf_hash = SHA-256(
|
|
24
24
|
schema_version || "||" || protocol_version || "||" ||
|
|
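Review bot: The added bullet `- No delimiters per protocol spec` (new line 19) repeats the bullet above it and still omits the property that makes an undelimited `bytes_hash || metadata_hash || policy_reference || seal_salt` preimage unambiguous: the field boundaries must be recoverable from fixed lengths. The text gives no length for `policy_reference` or `seal_salt`, so a reader cannot tell whether two different field tuples could concatenate to the same hash input; if more than one field is variable-length, they can. I would replace the bullet with the actual constraint, for example `- No delimiters: bytes_hash, metadata_hash and seal_salt are fixed-length hex; policy_reference is the only variable-length field`, with the wording to be confirmed against the implementation. The same sentence appears in the `CRYPTO_PRIMITIVES_DOC` declaration in crypto-primitives.d.ts, and the template literal starts and ends outside this hunk.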
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export declare const PROTOCOL_SPECIFICATION = "# Attested Governance Artifact (AGA) Protocol Specification v2.0.0\n\n##
|
|
1
|
+
export declare const PROTOCOL_SPECIFICATION = "# Attested Governance Artifact (AGA) Protocol Specification v2.0.0\n\n## NIST References\n- NIST-2025-0035: AI Agent Transparency and Accountability\n- NCCoE AI Agent Identity and Authorization\n\n## Protocol Overview\nThe AGA protocol provides cryptographic governance for autonomous AI systems through:\n1. **Sealed Hash Attestation** - SHA-256(bytes_hash || metadata_hash || policy_ref || seal_salt)\n2. **Continuity Chain** - Tamper-evident append-only event log with privacy-preserving leaf hashes\n3. **Portal State Machine** - Zero-trust Policy Enforcement Point (7 states, fail-closed)\n4. **Signed Receipts** - Ed25519-signed measurement receipt for EVERY measurement\n5. **Evidence Bundles** - Offline-verifiable packages with Merkle inclusion proofs\n\n## 10 Measurement Embodiments\n1. EXECUTABLE_IMAGE - Runtime binary or script content\n2. LOADED_MODULES - Dynamic libraries and plugins\n3. CONTAINER_IMAGE - Container image manifest hash\n4. CONFIG_MANIFEST - Configuration file integrity\n5. SBOM - Software Bill of Materials verification\n6. TEE_QUOTE - Trusted Execution Environment attestation\n7. MEMORY_REGIONS - Runtime memory layout verification\n8. CONTROL_FLOW - Execution path integrity\n9. FILE_SYSTEM_STATE - Filesystem integrity monitoring\n10. NETWORK_CONFIG - Network configuration baseline\n\n## 6 Portal States\n1. INITIALIZATION - Server started, no artifact loaded\n2. ARTIFACT_VERIFICATION - Verifying artifact signature and validity\n3. ACTIVE_MONITORING - Operational, measurements occurring\n4. DRIFT_DETECTED - Hash mismatch detected, enforcement pending\n5. PHANTOM_QUARANTINE - Forensic capture mode, outputs severed\n6. TERMINATED - Fail-closed, no recovery without re-attestation\n\nPlus SAFE_STATE for graceful degradation on revocation.\n\n## 7 Enforcement Actions\n1. QUARANTINE - Phantom execution with forensic capture\n2. TERMINATE - Immediate kill, fail-closed\n3. 
SAFE_STATE - Return-to-home / controlled shutdown\n4. NETWORK_ISOLATE - Sever network, continue local\n5. KEY_REVOKE - Invalidate cryptographic keys\n6. TOKEN_INVALIDATE - Revoke access tokens\n7. ALERT_ONLY - Log without enforcement (gradual deployment)\n\n## 3 Verification Tiers\n| Tier | Description | Trust Assumption |\n|------|-------------|-----------------|\n| Bronze | Cryptographic signatures only | Trust signing keys |\n| Silver | Signatures + continuity chain | Trust chain operator + keys |\n| Gold | Full verification with blockchain-anchored Merkle proofs | Minimal trust - external anchor |\n\n## 3 Disclosure Modes\n1. PROOF_ONLY - Returns boolean attestation without revealing the value\n2. REVEAL_MIN - Returns minimal representation (e.g., range instead of exact value)\n3. REVEAL_FULL - Returns the complete claim value\n\n## Leaf Hash Formula (Privacy Innovation)\n```\nleaf_hash = SHA-256(\n schema_version || \"||\" || protocol_version || \"||\" ||\n event_type || \"||\" || event_id || \"||\" ||\n sequence_number || \"||\" || timestamp || \"||\" ||\n previous_leaf_hash\n)\n```\n**PAYLOAD IS EXCLUDED from the leaf hash.** This is a key privacy innovation - chain integrity can be verified without revealing the contents of any event. Only the structural metadata participates in the hash. The payload is separately integrity-protected via event_signature.\n\n## SPIFFE/SPIRE Integration Point\nSPIRE handles node-to-workload identity (SVID); AGA handles workload-to-intent governance. SPIFFE provides transport-layer identity binding via SVIDs (SPIFFE Verifiable Identity Documents). 
AGA binds governance policy to the workload's operational intent, creating a complementary layer:\n- SPIFFE: \"This workload IS who it claims to be\" (identity)\n- AGA: \"This workload IS DOING what it was attested to do\" (governance)\n\n## Framework Alignment\n| Framework | AGA Alignment |\n|-----------|--------------|\n| NIST SP 800-53 | SI-7 (Software Integrity), AU-10 (Non-repudiation), SI-4 (Monitoring) |\n| NIST AI RMF | Govern \u2192 Policy Artifacts; Map \u2192 Subject ID; Measure \u2192 Portal + Receipts; Manage \u2192 Enforcement |\n| NIST SP 800-57 | Key management for Ed25519 signing keys |\n| NIST SSDF (SP 800-218) | Software supply chain integrity via sealed hash attestation |\n| NIST SP 800-207 (ZTA) | Zero Trust Architecture - portal as Policy Enforcement Point, never trust, always verify |\n| ISO 42001 | AI management system - governance artifacts as compliance evidence |\n| EU AI Act | High-risk AI system transparency via evidence bundles |\n\n## Cryptographic Primitives\n- **Hashing:** SHA-256 (primary), BLAKE2b-256 (secondary)\n- **Signing:** Ed25519 via @noble/ed25519\n- **Salts:** 128-bit CSPRNG via @noble/hashes/utils\n- **Merkle Trees:** SHA-256 binary tree with inclusion proofs\n- **Serialization:** RFC 8785 deterministic JSON (sorted keys)\n\n## Event Types (12)\nGENESIS, POLICY_ISSUANCE, INTERACTION_RECEIPT, REVOCATION, ATTESTATION,\nANCHOR_BATCH, DISCLOSURE, SUBSTITUTION, KEY_ROTATION, BEHAVIORAL_DRIFT,\nDELEGATION, RE_ATTESTATION\n\n## 4 Sensitivity Levels\n- S1_LOW - Can be revealed fully\n- S2_MODERATE - Can be revealed minimally or proved\n- S3_HIGH - Proof only, auto-substitutes to lower sensitivity\n- S4_CRITICAL - Maximum protection, proof only, cascading substitution\n\n## CoSAI MCP Security Threat Coverage\n\nThe Coalition for Secure AI (CoSAI) published a comprehensive MCP security taxonomy\nidentifying 12 core threat categories and nearly 40 distinct threats specific to Model\nContext Protocol deployments (January 2026). 
The AGA MCP Server addresses all 12 categories.\n\n| CoSAI Category | Threat Domain | AGA Governance Mechanism |\n|---|---|---|\n| T1: Improper Authentication | Identity & Access | Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events |\n| T2: Missing Access Control | Identity & Access | Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment |\n| T3: Input Validation Failures | Input Handling | Runtime measurement against sealed reference, behavioral drift detection |\n| T4: Data/Control Boundary Failures | Input Handling | Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics |\n| T5: Inadequate Data Protection | Data & Code | Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention |\n| T6: Missing Integrity Controls | Data & Code | Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification |\n| T7: Session/Transport Security | Network & Transport | TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts |\n| T8: Network Isolation Failures | Network & Transport | Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action |\n| T9: Trust Boundary Failures | Trust & Design | Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM |\n| T10: Resource Management | Trust & Design | Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s) |\n| T11: Supply Chain Failures | Operational | Content-addressable hashing at attestation, runtime hash comparison blocks modified components |\n| T12: Insufficient Observability | Operational | Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles |\n\nCoverage: 12 of 12 threat categories addressed.\nSource: CoSAI/OASIS, \"Securing the AI Agent 
Revolution\" (January 2026)\n\n### CoSAI Recommended Controls and AGA Implementation\n\n1. Strong Identity Throughout the Chain\n AGA: Ed25519 keypairs for issuer, portal, and chain. Every artifact and receipt\n cryptographically signed. Key rotation recorded in chain. Delegation produces\n derived artifacts with independent signatures traceable to the issuing authority.\n\n2. Zero Trust Applied to AI Agents\n AGA: Portal treats all agent operations as untrusted. Every request measured\n against sealed reference before authorization. Fail-closed: default state is denial.\n Agent cannot execute without a valid, signature-verified artifact.\n\n3. Sandbox Everything\n AGA: Two-process architecture. Agent and portal are separate OS processes.\n Agent has no credentials, no keys, no direct resource access. Phantom execution\n provides runtime sandboxing when drift is detected.\n\n4. Defensive Tool Design\n AGA: Permitted tools sealed in artifact. Forbidden sequences explicitly defined.\n Rate limits per tool. Portal enforces all constraints mechanically, independent\n of LLM judgment. Behavioral drift detection catches tool misuse patterns.\n\n5. Supply Chain Lockdown\n AGA: Content-addressable hash binding at attestation. Runtime measurement\n detects any component modification. Sealed hash covers all subject bytes,\n metadata, and policy reference. 10 measurement embodiments for comprehensive\n coverage.\n\n6. Observability from Day One\n AGA: Signed receipt for every measurement. Tamper-evident continuity chain.\n Structural metadata linking enables third-party verification without payload\n disclosure. Merkle checkpoint anchoring. Portable offline evidence bundles.\n";
|
|
2
2
|
export declare const SPECIFICATION_URI = "aga://specification";
|
|
3
3
|
//# sourceMappingURL=specification.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"specification.d.ts","sourceRoot":"","sources":["../../src/resources/specification.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,sBAAsB,
|
|
1
|
+
{"version":3,"file":"specification.d.ts","sourceRoot":"","sources":["../../src/resources/specification.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,sBAAsB,siSA8JlC,CAAC;AAEF,eAAO,MAAM,iBAAiB,wBAAwB,CAAC"}
|
|
@@ -1,8 +1,5 @@
|
|
|
1
1
|
export const PROTOCOL_SPECIFICATION = `# Attested Governance Artifact (AGA) Protocol Specification v2.0.0
|
|
2
2
|
|
|
3
|
-
## Patent Reference
|
|
4
|
-
USPTO Application No. 19/433,835
|
|
5
|
-
|
|
6
3
|
## NIST References
|
|
7
4
|
- NIST-2025-0035: AI Agent Transparency and Accountability
|
|
8
5
|
- NCCoE AI Agent Identity and Authorization
|
|
@@ -58,7 +55,7 @@ Plus SAFE_STATE for graceful degradation on revocation.
|
|
|
58
55
|
2. REVEAL_MIN - Returns minimal representation (e.g., range instead of exact value)
|
|
59
56
|
3. REVEAL_FULL - Returns the complete claim value
|
|
60
57
|
|
|
61
|
-
## Leaf Hash Formula (
|
|
58
|
+
## Leaf Hash Formula (Privacy Innovation)
|
|
62
59
|
\`\`\`
|
|
63
60
|
leaf_hash = SHA-256(
|
|
64
61
|
schema_version || "||" || protocol_version || "||" ||
|
|
@@ -67,7 +64,7 @@ leaf_hash = SHA-256(
|
|
|
67
64
|
previous_leaf_hash
|
|
68
65
|
)
|
|
69
66
|
\`\`\`
|
|
70
|
-
**PAYLOAD IS EXCLUDED from the leaf hash.** This is
|
|
67
|
+
**PAYLOAD IS EXCLUDED from the leaf hash.** This is a key privacy innovation - chain integrity can be verified without revealing the contents of any event. Only the structural metadata participates in the hash. The payload is separately integrity-protected via event_signature.
|
|
71
68
|
|
|
72
69
|
## SPIFFE/SPIRE Integration Point
|
|
73
70
|
SPIRE handles node-to-workload identity (SVID); AGA handles workload-to-intent governance. SPIFFE provides transport-layer identity binding via SVIDs (SPIFFE Verifiable Identity Documents). AGA binds governance policy to the workload's operational intent, creating a complementary layer:
|
|
@@ -102,6 +99,63 @@ DELEGATION, RE_ATTESTATION
|
|
|
102
99
|
- S2_MODERATE - Can be revealed minimally or proved
|
|
103
100
|
- S3_HIGH - Proof only, auto-substitutes to lower sensitivity
|
|
104
101
|
- S4_CRITICAL - Maximum protection, proof only, cascading substitution
|
|
102
|
+
|
|
103
|
+
## CoSAI MCP Security Threat Coverage
|
|
104
|
+
|
|
105
|
+
The Coalition for Secure AI (CoSAI) published a comprehensive MCP security taxonomy
|
|
106
|
+
identifying 12 core threat categories and nearly 40 distinct threats specific to Model
|
|
107
|
+
Context Protocol deployments (January 2026). The AGA MCP Server addresses all 12 categories.
|
|
108
|
+
|
|
109
|
+
| CoSAI Category | Threat Domain | AGA Governance Mechanism |
|
|
110
|
+
|---|---|---|
|
|
111
|
+
| T1: Improper Authentication | Identity & Access | Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events |
|
|
112
|
+
| T2: Missing Access Control | Identity & Access | Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment |
|
|
113
|
+
| T3: Input Validation Failures | Input Handling | Runtime measurement against sealed reference, behavioral drift detection |
|
|
114
|
+
| T4: Data/Control Boundary Failures | Input Handling | Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics |
|
|
115
|
+
| T5: Inadequate Data Protection | Data & Code | Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention |
|
|
116
|
+
| T6: Missing Integrity Controls | Data & Code | Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification |
|
|
117
|
+
| T7: Session/Transport Security | Network & Transport | TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts |
|
|
118
|
+
| T8: Network Isolation Failures | Network & Transport | Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action |
|
|
119
|
+
| T9: Trust Boundary Failures | Trust & Design | Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM |
|
|
120
|
+
| T10: Resource Management | Trust & Design | Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s) |
|
|
121
|
+
| T11: Supply Chain Failures | Operational | Content-addressable hashing at attestation, runtime hash comparison blocks modified components |
|
|
122
|
+
| T12: Insufficient Observability | Operational | Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles |
|
|
123
|
+
|
|
124
|
+
Coverage: 12 of 12 threat categories addressed.
|
|
125
|
+
Source: CoSAI/OASIS, "Securing the AI Agent Revolution" (January 2026)
|
|
126
|
+
|
|
127
|
+
### CoSAI Recommended Controls and AGA Implementation
|
|
128
|
+
|
|
129
|
+
1. Strong Identity Throughout the Chain
|
|
130
|
+
AGA: Ed25519 keypairs for issuer, portal, and chain. Every artifact and receipt
|
|
131
|
+
cryptographically signed. Key rotation recorded in chain. Delegation produces
|
|
132
|
+
derived artifacts with independent signatures traceable to the issuing authority.
|
|
133
|
+
|
|
134
|
+
2. Zero Trust Applied to AI Agents
|
|
135
|
+
AGA: Portal treats all agent operations as untrusted. Every request measured
|
|
136
|
+
against sealed reference before authorization. Fail-closed: default state is denial.
|
|
137
|
+
Agent cannot execute without a valid, signature-verified artifact.
|
|
138
|
+
|
|
139
|
+
3. Sandbox Everything
|
|
140
|
+
AGA: Two-process architecture. Agent and portal are separate OS processes.
|
|
141
|
+
Agent has no credentials, no keys, no direct resource access. Phantom execution
|
|
142
|
+
provides runtime sandboxing when drift is detected.
|
|
143
|
+
|
|
144
|
+
4. Defensive Tool Design
|
|
145
|
+
AGA: Permitted tools sealed in artifact. Forbidden sequences explicitly defined.
|
|
146
|
+
Rate limits per tool. Portal enforces all constraints mechanically, independent
|
|
147
|
+
of LLM judgment. Behavioral drift detection catches tool misuse patterns.
|
|
148
|
+
|
|
149
|
+
5. Supply Chain Lockdown
|
|
150
|
+
AGA: Content-addressable hash binding at attestation. Runtime measurement
|
|
151
|
+
detects any component modification. Sealed hash covers all subject bytes,
|
|
152
|
+
metadata, and policy reference. 10 measurement embodiments for comprehensive
|
|
153
|
+
coverage.
|
|
154
|
+
|
|
155
|
+
6. Observability from Day One
|
|
156
|
+
AGA: Signed receipt for every measurement. Tamper-evident continuity chain.
|
|
157
|
+
Structural metadata linking enables third-party verification without payload
|
|
158
|
+
disclosure. Merkle checkpoint anchoring. Portable offline evidence bundles.
|
|
105
159
|
`;
|
|
106
160
|
export const SPECIFICATION_URI = 'aga://specification';
|
|
107
161
|
//# sourceMappingURL=specification.js.map
|
|
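Review bot: The added lines `The AGA MCP Server addresses all 12 categories.` and `Coverage: 12 of 12 threat categories addressed.` (hunk at new lines 102-158) claim full coverage, but the table beside them maps some categories to a different kind of control. T3 (Input Validation Failures), for example, is mapped to runtime measurement and behavioral drift detection, which as described here compare the subject with a sealed reference rather than validate tool arguments. server.js returns this string as the `protocol-specification` resource, so clients receive it as the product's own security statement. I would word it as `Coverage: each of the 12 categories has at least one mapped AGA mechanism; a mapping does not imply complete mitigation.` and mark the rows that are only partial. The same text is repeated in the `PROTOCOL_SPECIFICATION` declaration in specification.d.ts; the literal opens at line 1, outside this hunk.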
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"specification.js","sourceRoot":"","sources":["../../src/resources/specification.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,sBAAsB,GAAG
|
|
1
|
+
{"version":3,"file":"specification.js","sourceRoot":"","sources":["../../src/resources/specification.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,sBAAsB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8JrC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,qBAAqB,CAAC"}
|
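--- a/package/dist/server.d.ts
+++ b/package/dist/server.d.ts
@@ -1,8 +1,7 @@
 /**
 * AGA MCP Server V2.0.0 - The Portal (ref 150) as an MCP service.
 *
-* 20 tools,
-* USPTO Application No. 19/433,835
+* 20 tools, 3 resources, 3 prompts.
 * NIST-2025-0035, NCCoE AI Agent Identity and Authorization
 */
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';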
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAwCpE,wBAAsB,eAAe,IAAI,OAAO,CAAC,SAAS,CAAC,CAiW1D"}
|
package/dist/server.js
CHANGED
|
@@ -1,8 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* AGA MCP Server V2.0.0 - The Portal (ref 150) as an MCP service.
|
|
3
3
|
*
|
|
4
|
-
* 20 tools,
|
|
5
|
-
* USPTO Application No. 19/433,835
|
|
4
|
+
* 20 tools, 3 resources, 3 prompts.
|
|
6
5
|
* NIST-2025-0035, NCCoE AI Agent Identity and Authorization
|
|
7
6
|
*/
|
|
8
7
|
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
@@ -34,7 +33,6 @@ import { handleRotateKeys } from './tools/rotate-keys.js';
|
|
|
34
33
|
import { PROTOCOL_SPECIFICATION, SPECIFICATION_URI } from './resources/specification.js';
|
|
35
34
|
import { generateSampleBundle, SAMPLE_BUNDLE_URI } from './resources/sample-bundle.js';
|
|
36
35
|
import { CRYPTO_PRIMITIVES_DOC, CRYPTO_PRIMITIVES_URI } from './resources/crypto-primitives.js';
|
|
37
|
-
import { PATENT_CLAIMS_DOC, PATENT_CLAIMS_URI } from './resources/patent-claims.js';
|
|
38
36
|
// ── Prompts ──────────────────────────────────────────────────────
|
|
39
37
|
import { NCCOE_DEMO_PROMPT } from './prompts/nccoe-demo.js';
|
|
40
38
|
import { GOVERNANCE_REPORT_PROMPT } from './prompts/governance-report.js';
|
|
@@ -56,11 +54,11 @@ export async function createAGAServer() {
|
|
|
56
54
|
// Also register as get_server_info for backward compat
|
|
57
55
|
server.tool('get_server_info', 'Get AGA server info (alias for aga_server_info).', {}, async () => handleServerInfo({}, ctx));
|
|
58
56
|
// 2. aga_init_chain (ungoverned)
|
|
59
|
-
server.tool('aga_init_chain', 'Initialize continuity chain with genesis event.
|
|
57
|
+
server.tool('aga_init_chain', 'Initialize continuity chain with genesis event.', { specification_hash: z.string().optional() }, async (args) => handleInitChain(args, ctx));
|
|
60
58
|
// Also register as init_chain for backward compat
|
|
61
|
-
server.tool('init_chain', 'Initialize continuity chain (alias for aga_init_chain).
|
|
59
|
+
server.tool('init_chain', 'Initialize continuity chain (alias for aga_init_chain).', { specification_hash: z.string().optional() }, async (args) => handleInitChain(args, ctx));
|
|
62
60
|
// 3. aga_create_artifact (ungoverned)
|
|
63
|
-
server.tool('aga_create_artifact', 'Attest subject, generate sealed Policy Artifact, load into portal. Accepts content or pre-computed hashes.
|
|
61
|
+
server.tool('aga_create_artifact', 'Attest subject, generate sealed Policy Artifact, load into portal. Accepts content or pre-computed hashes.', {
|
|
64
62
|
subject_content: z.string().optional().describe('Content/bytes of the subject'),
|
|
65
63
|
subject_bytes_hash: z.string().optional().describe('Pre-computed SHA-256 bytes hash'),
|
|
66
64
|
subject_metadata_hash: z.string().optional().describe('Pre-computed SHA-256 metadata hash'),
|
|
@@ -83,7 +81,7 @@ export async function createAGAServer() {
|
|
|
83
81
|
}).optional(),
|
|
84
82
|
}, async (args) => handleCreateArtifact(args, ctx));
|
|
85
83
|
// 4. aga_measure_subject (governed)
|
|
86
|
-
governedTool('aga_measure_subject', 'Measure subject state, compare to sealed reference. Generates signed receipt.
|
|
84
|
+
governedTool('aga_measure_subject', 'Measure subject state, compare to sealed reference. Generates signed receipt.', {
|
|
87
85
|
subject_content: z.string().optional().describe('Raw content to measure'),
|
|
88
86
|
subject_bytes_hash: z.string().optional().describe('Pre-computed SHA-256 bytes hash (64 hex)'),
|
|
89
87
|
subject_metadata_hash: z.string().optional().describe('Pre-computed SHA-256 metadata hash (64 hex)'),
|
|
@@ -131,9 +129,9 @@ export async function createAGAServer() {
|
|
|
131
129
|
action_detail: z.string().optional(),
|
|
132
130
|
}, async (args) => handleGenerateReceipt(args, ctx));
|
|
133
131
|
// 10. aga_export_bundle (governed)
|
|
134
|
-
governedTool('aga_export_bundle', 'Package artifact + receipts + Merkle proofs for offline verification.
|
|
132
|
+
governedTool('aga_export_bundle', 'Package artifact + receipts + Merkle proofs for offline verification.', {}, async () => handleExportBundle({}, ctx));
|
|
135
133
|
// 11. aga_verify_bundle (ungoverned - verification is always allowed)
|
|
136
|
-
server.tool('aga_verify_bundle', 'Verify evidence bundle offline - 4-step verification.
|
|
134
|
+
server.tool('aga_verify_bundle', 'Verify evidence bundle offline - 4-step verification.', {
|
|
137
135
|
bundle: z.any(),
|
|
138
136
|
pinned_public_key: z.string().optional(),
|
|
139
137
|
}, async (args) => {
|
|
@@ -141,7 +139,7 @@ export async function createAGAServer() {
|
|
|
141
139
|
return handleVerifyBundle({ bundle: args.bundle, pinned_public_key: pk }, ctx);
|
|
142
140
|
});
|
|
143
141
|
// 12. aga_disclose_claim (governed)
|
|
144
|
-
governedTool('aga_disclose_claim', 'Request disclosure of a claim. Auto-substitutes if sensitivity denied.
|
|
142
|
+
governedTool('aga_disclose_claim', 'Request disclosure of a claim. Auto-substitutes if sensitivity denied.', {
|
|
145
143
|
claim_id: z.string(),
|
|
146
144
|
requester_id: z.string().default('anonymous'),
|
|
147
145
|
mode: z.enum(['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL']).default('REVEAL_MIN'),
|
|
@@ -152,16 +150,16 @@ export async function createAGAServer() {
|
|
|
152
150
|
mode: args.disclosure_mode ?? args.mode,
|
|
153
151
|
}, ctx));
|
|
154
152
|
// 13. aga_get_chain (ungoverned)
|
|
155
|
-
server.tool('aga_get_chain', 'Get continuity chain events with optional verification and filtering.
|
|
153
|
+
server.tool('aga_get_chain', 'Get continuity chain events with optional verification and filtering.', {
|
|
156
154
|
start_seq: z.number().optional(),
|
|
157
155
|
end_seq: z.number().optional(),
|
|
158
156
|
verify: z.boolean().optional(),
|
|
159
157
|
filter_type: z.string().optional().describe('Filter: all, behavioral, delegations, receipts, revocations, attestations, disclosure, keys'),
|
|
160
158
|
}, async (args) => handleGetChain(args, ctx));
|
|
161
159
|
// 14. aga_quarantine_status (ungoverned)
|
|
162
|
-
server.tool('aga_quarantine_status', 'Get quarantine state and forensic capture status.
|
|
160
|
+
server.tool('aga_quarantine_status', 'Get quarantine state and forensic capture status.', {}, async () => handleQuarantineStatus({}, ctx));
|
|
163
161
|
// 15. aga_revoke_artifact (governed)
|
|
164
|
-
governedTool('aga_revoke_artifact', 'Revoke an active policy artifact mid-session. Supports TERMINATED or SAFE_STATE transition.
|
|
162
|
+
governedTool('aga_revoke_artifact', 'Revoke an active policy artifact mid-session. Supports TERMINATED or SAFE_STATE transition.', {
|
|
165
163
|
sealed_hash: z.string().optional().describe('Sealed hash of artifact to revoke'),
|
|
166
164
|
reason: z.string().describe('Reason for revocation'),
|
|
167
165
|
transition_to: z.enum(['TERMINATED', 'SAFE_STATE']).optional(),
|
|
@@ -180,12 +178,12 @@ export async function createAGAServer() {
|
|
|
180
178
|
include_behavioral: z.boolean().optional(),
|
|
181
179
|
}, async (args) => handleFullLifecycle(args, ctx));
|
|
182
180
|
// 18. aga_measure_behavior (ungoverned)
|
|
183
|
-
server.tool('aga_measure_behavior', 'Measure behavioral patterns or record tool invocation.
|
|
181
|
+
server.tool('aga_measure_behavior', 'Measure behavioral patterns or record tool invocation.', {
|
|
184
182
|
tool_name: z.string().optional().describe('Tool name to record/test'),
|
|
185
183
|
record_only: z.boolean().optional().describe('If true, just record without measuring'),
|
|
186
184
|
}, async (args) => handleMeasureBehavior(args, ctx));
|
|
187
185
|
// 19. aga_delegate_to_subagent (governed)
|
|
188
|
-
governedTool('aga_delegate_to_subagent', 'Derive constrained policy artifact for sub-agent. Scope only diminishes.
|
|
186
|
+
governedTool('aga_delegate_to_subagent', 'Derive constrained policy artifact for sub-agent. Scope only diminishes.', {
|
|
189
187
|
sub_agent_id: z.string().optional(),
|
|
190
188
|
permitted_tools: z.array(z.string()).optional(),
|
|
191
189
|
enforcement_triggers: z.array(z.string()).optional(),
|
|
@@ -202,7 +200,7 @@ export async function createAGAServer() {
|
|
|
202
200
|
reason: z.string().optional(),
|
|
203
201
|
}, async (args) => handleRotateKeys(args, ctx));
|
|
204
202
|
// ══════════════════════════════════════════════════════════════
|
|
205
|
-
//
|
|
203
|
+
// 3 RESOURCES
|
|
206
204
|
// ══════════════════════════════════════════════════════════════
|
|
207
205
|
server.resource('protocol-specification', SPECIFICATION_URI, { mimeType: 'text/markdown', description: 'AGA Protocol Specification v2.0.0 with SPIFFE integration and framework alignment' }, async () => ({ contents: [{ uri: SPECIFICATION_URI, mimeType: 'text/markdown', text: PROTOCOL_SPECIFICATION }] }));
|
|
208
206
|
server.resource('sample-bundle', SAMPLE_BUNDLE_URI, { mimeType: 'application/json', description: 'Pre-generated cryptographically signed evidence bundle' }, async () => {
|
|
@@ -211,7 +209,6 @@ export async function createAGAServer() {
|
|
|
211
209
|
return { contents: [{ uri: SAMPLE_BUNDLE_URI, mimeType: 'application/json', text }] };
|
|
212
210
|
});
|
|
213
211
|
server.resource('crypto-primitives', CRYPTO_PRIMITIVES_URI, { mimeType: 'text/markdown', description: 'AGA cryptographic primitives documentation' }, async () => ({ contents: [{ uri: CRYPTO_PRIMITIVES_URI, mimeType: 'text/markdown', text: CRYPTO_PRIMITIVES_DOC }] }));
|
|
214
|
-
server.resource('patent-claims', PATENT_CLAIMS_URI, { mimeType: 'text/markdown', description: 'USPTO 19/433,835 patent claims mapped to 20 tools' }, async () => ({ contents: [{ uri: PATENT_CLAIMS_URI, mimeType: 'text/markdown', text: PATENT_CLAIMS_DOC }] }));
|
|
215
212
|
// ══════════════════════════════════════════════════════════════
|
|
216
213
|
// 3 PROMPTS
|
|
217
214
|
// ══════════════════════════════════════════════════════════════
|
package/dist/server.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAoB,MAAM,4BAA4B,CAAC;AAEvF,oEAAoE;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,yBAAyB,EAAE,MAAM,kCAAkC,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE1D,oEAAoE;AACpE,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACzF,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACvF,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AAChG,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAEpF,oEAAoE;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAEpE,mEAAmE;AAEnE,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3E,MAAM,GAAG,GAAG,MAAM,aAAa,EAAE,CAAC;IAElC,MAAM,aAAa,GAAG,EAAE,IAAI,OAAO,KAAK,OAAO,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAEnE,SAAS,YAAY,CACnB,IAAY,EAAE,WAAmB,EAAE,MAAW,EAC9C,OAAoB;QAEpB,MAAM,IAAI,GAAG,uBAAuB,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,GAAG,CAAC,iBAAiB,C
AAC,CAAC;QAC7F,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,iEAAiE;IACjE,WAAW;IACX,iEAAiE;IAEjE,kCAAkC;IAClC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAC3B,0EAA0E,EAC1E,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,gBAAgB,CAAC,EAAS,EAAE,GAAG,CAAC,CAC7C,CAAC;IAEF,uDAAuD;IACvD,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAC3B,kDAAkD,EAClD,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,gBAAgB,CAAC,EAAS,EAAE,GAAG,CAAC,CAC7C,CAAC;IAEF,iCAAiC;IACjC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAC1B,4DAA4D,EAC5D,EAAE,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EAC7C,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,EAAE,GAAG,CAAC,CAC3C,CAAC;IAEF,kDAAkD;IAClD,MAAM,CAAC,IAAI,CAAC,YAAY,EACtB,oEAAoE,EACpE,EAAE,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EAC7C,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,EAAE,GAAG,CAAC,CAC3C,CAAC;IAEF,sCAAsC;IACtC,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAC/B,2HAA2H,EAC3H;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;QAC/E,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;QACrF,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;QAC3F,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC;YACzB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACpC,CAAC,CAAC,QAAQ,EAAE;QACb,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC7C,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACzC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,iBAAiB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACjD,cAAc,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QACzF,mBAAmB,EAAE,CAAC,CAAC,MAAM,CAAC;YAC5B,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;YACpC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;YACjC,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAA
C,CAAC,MAAM,EAAE,CAAC,CAAC;YACjD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;SACtB,CAAC,CAAC,QAAQ,EAAE;KACd,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAChD,CAAC;IAEF,oCAAoC;IACpC,YAAY,CAAC,qBAAqB,EAChC,8FAA8F,EAC9F;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QACzE,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;QAC9F,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;QACpG,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC;YACzB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACpC,CAAC,CAAC,QAAQ,EAAE;KACd,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,oBAAoB,CAAC,EAAE,GAAG,IAAI,EAAE,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,CACtG,CAAC;IAEF,sCAAsC;IACtC,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAC/B,4DAA4D,EAC5D;QACE,QAAQ,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;QAC3D,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yBAAyB,CAAC;KAC7E,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,EAAE,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACxG,OAAO,oBAAoB,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,GAAG,CAAC,cAAc,EAAE,iBAAiB,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;IAC7G,CAAC,CACF,CAAC;IAEF,qCAAqC;IACrC,YAAY,CAAC,sBAAsB,EACjC,6DAA6D,EAC7D;QACE,mBAAmB,EAAE,CAAC,CAAC,MAAM,CAAC;YAC5B,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;YACpC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;YACjC,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YACjD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;SACtB,CAAC,CAAC,QAAQ,EAAE;KACd,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,qBAAqB,CAAC,IAAI,EAAE,GAAG,CAAC,CACjD,CAAC;IAEF,uCAAuC;IACvC,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAChC,yEAAyE,EACzE,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,oBAAoB,CAAC,EAAS,EAAE,GAAG,CAAC,CACjD,CAAC;IAEF,wCAAwC;IACxC,YAAY,CAAC,yBAA
yB,EACpC,kEAAkE,EAClE;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QACzE,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;QAC9F,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;QACpG,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACvC,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;KAClD,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,wBAAwB,CAAC,IAAI,EAAE,GAAG,CAAC,CACpD,CAAC;IAEF,qCAAqC;IACrC,YAAY,CAAC,sBAAsB,EACjC,iDAAiD,EACjD;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACtC,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACtC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACxC,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACvC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACrC,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,qBAAqB,CAAC,IAAI,EAAE,GAAG,CAAC,CACjD,CAAC;IAEF,mCAAmC;IACnC,YAAY,CAAC,mBAAmB,EAC9B,iFAAiF,EACjF,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,kBAAkB,CAAC,EAAS,EAAE,GAAG,CAAC,CAC/C,CAAC;IAEF,sEAAsE;IACtE,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAC7B,mEAAmE,EACnE;QACE,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE;QACf,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACzC,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,EAAE,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACxG,OAAO,kBAAkB,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,iBAAiB,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;IACjF,CAAC,CACF,CAAC;IAEF,oCAAoC;IACpC,YAAY,CAAC,oBAAoB,EAC/B,kFAAkF,EAClF;QACE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC;QAC/E,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,QAAQ,EAAE;KAChF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,mBAAmB,CAAC;QAClC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,IAAI,EAAE,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,IAAI;KACxC,E
AAE,GAAG,CAAC,CACR,CAAC;IAEF,iCAAiC;IACjC,MAAM,CAAC,IAAI,CAAC,eAAe,EACzB,kFAAkF,EAClF;QACE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAChC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC9B,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAC9B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6FAA6F,CAAC;KAC3I,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAC1C,CAAC;IAEF,yCAAyC;IACzC,MAAM,CAAC,IAAI,CAAC,uBAAuB,EACjC,6DAA6D,EAC7D,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,sBAAsB,CAAC,EAAS,EAAE,GAAG,CAAC,CACnD,CAAC;IAEF,qCAAqC;IACrC,YAAY,CAAC,qBAAqB,EAChC,8GAA8G,EAC9G;QACE,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;QAChF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;QACpD,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC,QAAQ,EAAE;KAC/D,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAChD,CAAC;IAEF,6CAA6C;IAC7C,MAAM,CAAC,IAAI,CAAC,2BAA2B,EACrC,mDAAmD,EACnD;QACE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;KAC3C,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,EAAE,GAAG,CAAC,CACrD,CAAC;IAEF,6CAA6C;IAC7C,MAAM,CAAC,IAAI,CAAC,2BAA2B,EACrC,uFAAuF,EACvF;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACtC,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACjD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;QAC7E,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACrC,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAC1C,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KAC3C,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,EAAE,GAAG,CAAC,CAC/C,CAAC;IAEF,wCAAwC;IACxC,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAChC,yEAAyE,EACzE;QACE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;QACrE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;KACvF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,qBAAqB,CAAC,IAAI,EAAE,GAAG,CAAC,CACjD,CAAC;IAEF,0CAA0C;IAC1C,YAAY,CAAC,0BAA0B,EACrC,kFAAkF,EAClF;QACE,YAAY,EAAE,
CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACnC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC/C,oBAAoB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACpD,iBAAiB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACjD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC5C,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACzC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACzC,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,EAAE,GAAG,CAAC,CAClD,CAAC;IAEF,iCAAiC;IACjC,YAAY,CAAC,iBAAiB,EAC5B,yEAAyE,EACzE;QACE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;QAC1D,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;QACzD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC9B,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,EAAE,GAAG,CAAC,CAC5C,CAAC;IAEF,iEAAiE;IACjE,cAAc;IACd,iEAAiE;IAEjE,MAAM,CAAC,QAAQ,CACb,wBAAwB,EACxB,iBAAiB,EACjB,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW,EAAE,mFAAmF,EAAE,EAC/H,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,iBAAiB,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,EAAE,CAAC,CAClH,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,eAAe,EACf,iBAAiB,EACjB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,wDAAwD,EAAE,EACvG,KAAK,IAAI,EAAE;QACT,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,oBAAoB,EAAE,CAAC;QACvD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACrG,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,iBAAiB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACxF,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,mBAAmB,EACnB,qBAAqB,EACrB,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW,EAAE,4CAA4C,EAAE,EACxF,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,qBAAqB,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC,EAAE,CAAC,CACrH,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,eAAe,EACf,iBAAiB,EACjB,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW,EAAE,mDAAmD,EAAE,EAC/F,
KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,iBAAiB,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC,EAAE,CAAC,CAC7G,CAAC;IAEF,iEAAiE;IACjE,YAAY;IACZ,iEAAiE;IAEjE,MAAM,CAAC,MAAM,CACX,iBAAiB,CAAC,IAAI,EACtB,iBAAiB,CAAC,WAAW,EAC7B;QACE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;QAC7E,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;KAC/F,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QACf,QAAQ,EAAE,CAAC;gBACT,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;aAC3E,CAAC;KACH,CAAC,CACH,CAAC;IAEF,MAAM,CAAC,MAAM,CACX,wBAAwB,CAAC,IAAI,EAC7B,wBAAwB,CAAC,WAAW,EACpC,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,CAAC;QACX,QAAQ,EAAE,CAAC;gBACT,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,wBAAwB,CAAC,QAAQ,EAAE,EAAE;aAC9E,CAAC;KACH,CAAC,CACH,CAAC;IAEF,MAAM,CAAC,MAAM,CACX,qBAAqB,CAAC,IAAI,EAC1B,qBAAqB,CAAC,WAAW,EACjC;QACE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;KACzF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QACf,QAAQ,EAAE,CAAC;gBACT,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;aAC/E,CAAC;KACH,CAAC,CACH,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAoB,MAAM,4BAA4B,CAAC;AAEvF,oEAAoE;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,yBAAyB,EAAE,MAAM,kCAAkC,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE1D,oEAAoE;AACpE,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACzF,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACvF,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AAGhG,oEAAoE;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAEpE,mEAAmE;AAEnE,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3E,MAAM,GAAG,GAAG,MAAM,aAAa,EAAE,CAAC;IAElC,MAAM,aAAa,GAAG,EAAE,IAAI,OAAO,KAAK,OAAO,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAEnE,SAAS,YAAY,CACnB,IAAY,EAAE,WAAmB,EAAE,MAAW,EAC9C,OAAoB;QAEpB,MAAM,IAAI,GAAG,uBAAuB,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAC7F,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,MAA
M,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,iEAAiE;IACjE,WAAW;IACX,iEAAiE;IAEjE,kCAAkC;IAClC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAC3B,0EAA0E,EAC1E,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,gBAAgB,CAAC,EAAS,EAAE,GAAG,CAAC,CAC7C,CAAC;IAEF,uDAAuD;IACvD,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAC3B,kDAAkD,EAClD,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,gBAAgB,CAAC,EAAS,EAAE,GAAG,CAAC,CAC7C,CAAC;IAEF,iCAAiC;IACjC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAC1B,iDAAiD,EACjD,EAAE,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EAC7C,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,EAAE,GAAG,CAAC,CAC3C,CAAC;IAEF,kDAAkD;IAClD,MAAM,CAAC,IAAI,CAAC,YAAY,EACtB,yDAAyD,EACzD,EAAE,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EAC7C,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,EAAE,GAAG,CAAC,CAC3C,CAAC;IAEF,sCAAsC;IACtC,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAC/B,4GAA4G,EAC5G;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;QAC/E,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;QACrF,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;QAC3F,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC;YACzB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACpC,CAAC,CAAC,QAAQ,EAAE;QACb,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC7C,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACzC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,iBAAiB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACjD,cAAc,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QACzF,mBAAmB,EAAE,CAAC,CAAC,MAAM,CAAC;YAC5B,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;YACpC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;YACjC,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YACjD,SAAS,EAAE,CAAC,CAAC,MAAM,
EAAE;SACtB,CAAC,CAAC,QAAQ,EAAE;KACd,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAChD,CAAC;IAEF,oCAAoC;IACpC,YAAY,CAAC,qBAAqB,EAChC,+EAA+E,EAC/E;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QACzE,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;QAC9F,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;QACpG,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC;YACzB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACpC,CAAC,CAAC,QAAQ,EAAE;KACd,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,oBAAoB,CAAC,EAAE,GAAG,IAAI,EAAE,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,CACtG,CAAC;IAEF,sCAAsC;IACtC,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAC/B,4DAA4D,EAC5D;QACE,QAAQ,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;QAC3D,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yBAAyB,CAAC;KAC7E,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,EAAE,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACxG,OAAO,oBAAoB,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,GAAG,CAAC,cAAc,EAAE,iBAAiB,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;IAC7G,CAAC,CACF,CAAC;IAEF,qCAAqC;IACrC,YAAY,CAAC,sBAAsB,EACjC,6DAA6D,EAC7D;QACE,mBAAmB,EAAE,CAAC,CAAC,MAAM,CAAC;YAC5B,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;YACpC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;YACjC,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YACjD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;SACtB,CAAC,CAAC,QAAQ,EAAE;KACd,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,qBAAqB,CAAC,IAAI,EAAE,GAAG,CAAC,CACjD,CAAC;IAEF,uCAAuC;IACvC,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAChC,yEAAyE,EACzE,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,oBAAoB,CAAC,EAAS,EAAE,GAAG,CAAC,CACjD,CAAC;IAEF,wCAAwC;IACxC,YAAY,CAAC,yBAAyB,EACpC,kEAAkE,EAClE;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,C
AAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QACzE,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;QAC9F,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;QACpG,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACvC,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;KAClD,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,wBAAwB,CAAC,IAAI,EAAE,GAAG,CAAC,CACpD,CAAC;IAEF,qCAAqC;IACrC,YAAY,CAAC,sBAAsB,EACjC,iDAAiD,EACjD;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACtC,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACtC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACxC,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACvC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACrC,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,qBAAqB,CAAC,IAAI,EAAE,GAAG,CAAC,CACjD,CAAC;IAEF,mCAAmC;IACnC,YAAY,CAAC,mBAAmB,EAC9B,uEAAuE,EACvE,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,kBAAkB,CAAC,EAAS,EAAE,GAAG,CAAC,CAC/C,CAAC;IAEF,sEAAsE;IACtE,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAC7B,uDAAuD,EACvD;QACE,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE;QACf,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACzC,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,EAAE,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACxG,OAAO,kBAAkB,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,iBAAiB,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;IACjF,CAAC,CACF,CAAC;IAEF,oCAAoC;IACpC,YAAY,CAAC,oBAAoB,EAC/B,wEAAwE,EACxE;QACE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC;QAC/E,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,QAAQ,EAAE;KAChF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,mBAAmB,CAAC;QAClC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,IAAI,EAAE,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,IAAI;KACxC,EAAE,GAAG,CAAC,CACR,CAAC;IAEF,iCAAiC;IACjC,MAAM,CAAC,IAAI,C
AAC,eAAe,EACzB,uEAAuE,EACvE;QACE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAChC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC9B,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAC9B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6FAA6F,CAAC;KAC3I,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAC1C,CAAC;IAEF,yCAAyC;IACzC,MAAM,CAAC,IAAI,CAAC,uBAAuB,EACjC,mDAAmD,EACnD,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,sBAAsB,CAAC,EAAS,EAAE,GAAG,CAAC,CACnD,CAAC;IAEF,qCAAqC;IACrC,YAAY,CAAC,qBAAqB,EAChC,6FAA6F,EAC7F;QACE,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;QAChF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;QACpD,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC,QAAQ,EAAE;KAC/D,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAChD,CAAC;IAEF,6CAA6C;IAC7C,MAAM,CAAC,IAAI,CAAC,2BAA2B,EACrC,mDAAmD,EACnD;QACE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;KAC3C,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,EAAE,GAAG,CAAC,CACrD,CAAC;IAEF,6CAA6C;IAC7C,MAAM,CAAC,IAAI,CAAC,2BAA2B,EACrC,uFAAuF,EACvF;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACtC,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACjD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;QAC7E,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACrC,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAC1C,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KAC3C,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,EAAE,GAAG,CAAC,CAC/C,CAAC;IAEF,wCAAwC;IACxC,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAChC,wDAAwD,EACxD;QACE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;QACrE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;KACvF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,qBAAqB,CAAC,IAAI,EAAE,GAAG,CAAC,CACjD,CAAC;IAEF,0CAA0C;IAC1C,YAAY,CAAC,0BAA0B,EACrC,0EAA0E,EAC1E;QACE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACnC,eAAe,EAAE,CAAC,CA
AC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC/C,oBAAoB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACpD,iBAAiB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACjD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC5C,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACzC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACzC,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,EAAE,GAAG,CAAC,CAClD,CAAC;IAEF,iCAAiC;IACjC,YAAY,CAAC,iBAAiB,EAC5B,yEAAyE,EACzE;QACE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;QAC1D,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;QACzD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC9B,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,EAAE,GAAG,CAAC,CAC5C,CAAC;IAEF,iEAAiE;IACjE,cAAc;IACd,iEAAiE;IAEjE,MAAM,CAAC,QAAQ,CACb,wBAAwB,EACxB,iBAAiB,EACjB,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW,EAAE,mFAAmF,EAAE,EAC/H,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,iBAAiB,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,EAAE,CAAC,CAClH,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,eAAe,EACf,iBAAiB,EACjB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,wDAAwD,EAAE,EACvG,KAAK,IAAI,EAAE;QACT,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,oBAAoB,EAAE,CAAC;QACvD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACrG,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,iBAAiB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACxF,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,mBAAmB,EACnB,qBAAqB,EACrB,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW,EAAE,4CAA4C,EAAE,EACxF,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,qBAAqB,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC,EAAE,CAAC,CACrH,CAAC;IAEF,iEAAiE;IACjE,YAAY;IACZ,iEAAiE;IAEjE,MAAM,CAAC,MAAM,CACX,iBAAiB,CAAC,IAAI,EACtB,iBAAiB,CAAC,WAAW,EAC7B;QACE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CA
AC,QAAQ,CAAC,iCAAiC,CAAC;QAC7E,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;KAC/F,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QACf,QAAQ,EAAE,CAAC;gBACT,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;aAC3E,CAAC;KACH,CAAC,CACH,CAAC;IAEF,MAAM,CAAC,MAAM,CACX,wBAAwB,CAAC,IAAI,EAC7B,wBAAwB,CAAC,WAAW,EACpC,EAAE,EACF,KAAK,IAAI,EAAE,CAAC,CAAC;QACX,QAAQ,EAAE,CAAC;gBACT,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,wBAAwB,CAAC,QAAQ,EAAE,EAAE;aAC9E,CAAC;KACH,CAAC,CACH,CAAC;IAEF,MAAM,CAAC,MAAM,CACX,qBAAqB,CAAC,IAAI,EAC1B,qBAAqB,CAAC,WAAW,EACjC;QACE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;KACzF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QACf,QAAQ,EAAE,CAAC;gBACT,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;aAC/E,CAAC;KACH,CAAC,CACH,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server-info.d.ts","sourceRoot":"","sources":["../../src/tools/server-info.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,aAAa;;;;;
|
|
1
|
+
{"version":3,"file":"server-info.d.ts","sourceRoot":"","sources":["../../src/tools/server-info.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,aAAa;;;;;GAoBtF"}
|
|
@@ -4,7 +4,6 @@ export async function handleServerInfo(_args, ctx) {
|
|
|
4
4
|
server: 'AGA MCP Server',
|
|
5
5
|
version: '2.0.0',
|
|
6
6
|
protocol: 'Attested Governance Artifacts v2.0.0',
|
|
7
|
-
patent: 'USPTO Application No. 19/433,835',
|
|
8
7
|
nist_references: ['NIST-2025-0035', 'NCCoE AI Agent Identity'],
|
|
9
8
|
framework_alignment: {
|
|
10
9
|
spiffe: 'SPIFFE provides workload identity (SVID); AGA binds governance to workload intent',
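Review bot: The `version: '2.0.0'` context line in handleServerInfo is left unchanged although this release is published as 2.0.1, so the server-info tool will keep reporting the previous release. A client or auditor that uses this field for version pinning, or to match a deployment against an advisory, would be misled. If the field is meant to track the package release, change it to `version: '2.0.1',` or derive it from package.json so it cannot drift. If it is meant to mirror the protocol version, the adjacent `protocol` field already carries that, and a comment such as `// package release, keep in sync with package.json` would state the intent. handleServerInfo's body continues outside the hunk.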
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server-info.js","sourceRoot":"","sources":["../../src/tools/server-info.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG5C,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,KAA4B,EAAE,GAAkB;IACrF,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,MAAM,EAAE,gBAAgB;QACxB,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,sCAAsC;QAChD,
|
|
1
|
+
{"version":3,"file":"server-info.js","sourceRoot":"","sources":["../../src/tools/server-info.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG5C,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,KAA4B,EAAE,GAAkB;IACrF,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,MAAM,EAAE,gBAAgB;QACxB,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,sCAAsC;QAChD,eAAe,EAAE,CAAC,gBAAgB,EAAE,yBAAyB,CAAC;QAC9D,mBAAmB,EAAE;YACnB,MAAM,EAAE,mFAAmF;YAC3F,cAAc,EAAE,uDAAuD;YACvE,WAAW,EAAE,4DAA4D;SAC1E;QACD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAClD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAClD,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC;QAChD,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;KAClD,CAAC,CAAC;AACL,CAAC"}
|
package/dist/types.d.ts
CHANGED
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,MAAM,SAAS,GAAG,UAAU,CAAC;AACnC,MAAM,MAAM,SAAS,GAAG,UAAU,CAAC;AACnC,MAAM,WAAW,OAAO;IAAG,SAAS,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,SAAS,CAAC;CAAE;AACxE,MAAM,MAAM,SAAS,GAAG,UAAU,CAAC;AACnC,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC;AAC7B,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC;AACrC,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC;AAE7B,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;CACf;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,CAAC;IAC/D,IAAI,EAAE,OAAO,CAAC;CACf;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,GACd,kBAAkB,GAClB,YAAY,GACZ,gBAAgB,CAAC;AAIrB,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAIjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAClB,gBAAgB,GAChB,iBAAiB,GACjB,iBAAiB,GACjB,MAAM,GACN,WAAW,GACX,gBAAgB,GAChB,cAAc,GACd,mBAAmB,GACnB,gBAAgB,CAAC;AAIrB,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,GACZ,YAAY,CAAC;AAIjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAI5D,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAIzE,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAI/E,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;CACtC;AAID,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,e
AAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAED,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;IACtC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,
MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAID,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC5E;AAID,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,mBAAmB,EAAE,MAAM,EAAE,EAAE,CAAC;IAChC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,MAAM,mBAAmB,GAC3B;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAC3C;IAAE,IAAI,EAAE,eAAe,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GACrE;IAAE,IAAI,EAAE,oBAAoB,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC;AAEvD,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,cAAc,EAAE,CAAC;IAC9B,UAAU,EAAE,mBAAmB,EAAE,CAAC;IAClC
,eAAe,EAAE,OAAO,CAAC;IACzB,cAAc,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,iBAAiB;IAChC,WAAW,CAAC,QAAQ,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAChD,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,GAAG,IAAI,CAAC;IAC5D,OAAO,IAAI,qBAAqB,CAAC;IACjC,KAAK,IAAI,IAAI,CAAC;CACf;AAID,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,eAAe,EAAE;QACf,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC3B,yBAAyB,EAAE,MAAM,EAAE,CAAC;KACrC,CAAC;IACF,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,iBAAiB,EAAE,eAAe,EAAE,CAAC;IACrC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,eAAe,CAAC,EAAE;QAChB,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC3B,yBAAyB,EAAE,MAAM,EAAE,CAAC;KACrC,CAAC;IACF,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB"}
|
package/dist/types.js
CHANGED
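--- a/package/dist/types.js.map
+++ b/package/dist/types.js.map
@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}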
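--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@attested-intelligence/aga-mcp-server",
-"version": "2.0.
-"description": "MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.
+"version": "2.0.1",
+"description": "MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems. 20 tools, 3 resources, 3 prompts.",
 "author": "Attested Intelligence Holdings LLC",
 "license": "MIT",
 "type": "module",
@@ -10,8 +10,7 @@
 "files": [
 "dist/",
 "README.md",
-"LICENSE"
-"PATENTS.md"
+"LICENSE"
 ],
 "bin": {
 "aga-mcp-server": "dist/index.js"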
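Review bot: The `"version": "2.0.1",` line labels this release a patch, but the same diff deletes the `aga://patent-claims` resource along with the exported `PATENT_CLAIMS_DOC` and `PATENT_CLAIMS_URI` constants. A client that reads that resource or imports those names would break when a `^2.0.0` range picks the release up automatically. Whether those exports are public API is not visible from here; if they are, a minor bump such as `"version": "2.1.0",` with a changelog entry naming the removal would let consumers who pin this package as an enforcement component review the change before taking it. The new description also hard-codes `20 tools, 3 resources, 3 prompts`, which will drift from whatever the server actually registers unless it is generated at build time or dropped.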
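--- a/package/PATENTS.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# Patent Notice
-
-**USPTO Application No. 19/433,835**
-**Title:** Attested Governance Artifact Protocol for Autonomous Systems
-**Applicant:** Attested Intelligence Holdings LLC
-**Status:** Pending
-
-This software implements the methods and systems described in the above patent application. The patent covers, among other things:
-
-- Sealed hash attestation of subject identity (Claims 1a-1d)
-- Portal-based runtime measurement and enforcement (Claims 1e-1g)
-- Privacy-preserving disclosure with sensitivity-based auto-substitution (Claim 2)
-- Tamper-evident continuity chain with privacy-preserving leaf hashes (Claims 3a-3f)
-- Phantom execution and quarantine (Claim 5)
-- TTL-based fail-closed semantics (Claim 6)
-- Offline-verifiable evidence bundles (Claim 9)
-- Pinned issuer key verification (Claim 10)
-- Forensic input capture during quarantine (Claim 11)
-- Graceful degradation (Claim 12)
-
-## NIST References
-
-- **NIST-2025-0035:** AI Agent Transparency and Accountability
-- **NCCoE:** AI Agent Identity and Authorization
-
-## License
-
-This software is licensed under the MIT License. Use of the software does not grant any rights under the patent application beyond those explicitly granted by the MIT License.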
@@ -1,3 +0,0 @@
|
|
|
1
|
-
export declare const PATENT_CLAIMS_DOC = "# USPTO Application No. 19/433,835 - Patent Claims Mapped to Tools\n\n## Claim 1: Subject Attestation and Measurement\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 1(a) | Receive subject for attestation | aga_create_artifact |\n| 1(b) | Generate subject identifier (bytes_hash + metadata_hash) | aga_create_artifact |\n| 1(c) | Perform attestation (sealed_hash generation) | aga_create_artifact |\n| 1(d) | Generate policy artifact with signature | aga_create_artifact |\n| 1(e) | Portal accepts artifact, begins monitoring | aga_measure_subject |\n| 1(f) | Compare current state to sealed reference | aga_measure_subject |\n| 1(g) | Enforce on drift, generate signed receipt | aga_measure_subject |\n\n## Claim 2: Privacy-Preserving Disclosure\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 2 | Sensitivity-based claim disclosure | aga_disclose_claim |\n| 2-sub | Auto-substitution when sensitivity denied | aga_disclose_claim |\n\n## Claim 3: Continuity Chain\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 3(a) | Genesis event creation | aga_init_chain |\n| 3(b) | Event appending (auto on every operation) | All tools |\n| 3(c) | Leaf hash excludes payload (privacy innovation) | aga_get_chain |\n| 3(d-f) | Merkle checkpoint anchoring | aga_export_bundle |\n\n## Claim 5: Quarantine\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 5 | Phantom execution on drift | aga_quarantine_status |\n\n## Claim 6: TTL Expiration\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 6 | Fail-closed on TTL expiry | aga_measure_subject |\n\n## Claim 9: Evidence Bundle\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 9 | Offline-verifiable evidence bundle | aga_export_bundle |\n\n## Claim 10: Pinned Key\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 10 | Portal pins issuer 
public key | aga_create_artifact |\n\n## Claim 11: Phantom Execution\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 11 | Forensic input capture during quarantine | aga_quarantine_status |\n\n## Claim 12: Graceful Degradation\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 12 | TTL + fail-closed termination | aga_measure_subject |\n\n## Additional (NCCoE Filing)\n| Feature | Description | Tool |\n|---------|-------------|------|\n| Mid-session revocation | NCCoE Phase 3b | aga_revoke_artifact |\n| Behavioral drift | NIST-2025-0035 | aga_measure_behavior |\n| Constrained delegation | NCCoE constrained sub-mandates | aga_delegate_subagent |\n| Key rotation | Key lifecycle management | aga_rotate_keys |\n";
|
|
2
|
-
export declare const PATENT_CLAIMS_URI = "aga://patent-claims";
|
|
3
|
-
//# sourceMappingURL=patent-claims.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"patent-claims.d.ts","sourceRoot":"","sources":["../../src/resources/patent-claims.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iBAAiB,uqFAgE7B,CAAC;AAEF,eAAO,MAAM,iBAAiB,wBAAwB,CAAC"}
|
|
@@ -1,67 +0,0 @@
|
|
|
1
|
-
export const PATENT_CLAIMS_DOC = `# USPTO Application No. 19/433,835 - Patent Claims Mapped to Tools
|
|
2
|
-
|
|
3
|
-
## Claim 1: Subject Attestation and Measurement
|
|
4
|
-
| Sub-claim | Description | Tool |
|
|
5
|
-
|-----------|-------------|------|
|
|
6
|
-
| 1(a) | Receive subject for attestation | aga_create_artifact |
|
|
7
|
-
| 1(b) | Generate subject identifier (bytes_hash + metadata_hash) | aga_create_artifact |
|
|
8
|
-
| 1(c) | Perform attestation (sealed_hash generation) | aga_create_artifact |
|
|
9
|
-
| 1(d) | Generate policy artifact with signature | aga_create_artifact |
|
|
10
|
-
| 1(e) | Portal accepts artifact, begins monitoring | aga_measure_subject |
|
|
11
|
-
| 1(f) | Compare current state to sealed reference | aga_measure_subject |
|
|
12
|
-
| 1(g) | Enforce on drift, generate signed receipt | aga_measure_subject |
|
|
13
|
-
|
|
14
|
-
## Claim 2: Privacy-Preserving Disclosure
|
|
15
|
-
| Sub-claim | Description | Tool |
|
|
16
|
-
|-----------|-------------|------|
|
|
17
|
-
| 2 | Sensitivity-based claim disclosure | aga_disclose_claim |
|
|
18
|
-
| 2-sub | Auto-substitution when sensitivity denied | aga_disclose_claim |
|
|
19
|
-
|
|
20
|
-
## Claim 3: Continuity Chain
|
|
21
|
-
| Sub-claim | Description | Tool |
|
|
22
|
-
|-----------|-------------|------|
|
|
23
|
-
| 3(a) | Genesis event creation | aga_init_chain |
|
|
24
|
-
| 3(b) | Event appending (auto on every operation) | All tools |
|
|
25
|
-
| 3(c) | Leaf hash excludes payload (privacy innovation) | aga_get_chain |
|
|
26
|
-
| 3(d-f) | Merkle checkpoint anchoring | aga_export_bundle |
|
|
27
|
-
|
|
28
|
-
## Claim 5: Quarantine
|
|
29
|
-
| Sub-claim | Description | Tool |
|
|
30
|
-
|-----------|-------------|------|
|
|
31
|
-
| 5 | Phantom execution on drift | aga_quarantine_status |
|
|
32
|
-
|
|
33
|
-
## Claim 6: TTL Expiration
|
|
34
|
-
| Sub-claim | Description | Tool |
|
|
35
|
-
|-----------|-------------|------|
|
|
36
|
-
| 6 | Fail-closed on TTL expiry | aga_measure_subject |
|
|
37
|
-
|
|
38
|
-
## Claim 9: Evidence Bundle
|
|
39
|
-
| Sub-claim | Description | Tool |
|
|
40
|
-
|-----------|-------------|------|
|
|
41
|
-
| 9 | Offline-verifiable evidence bundle | aga_export_bundle |
|
|
42
|
-
|
|
43
|
-
## Claim 10: Pinned Key
|
|
44
|
-
| Sub-claim | Description | Tool |
|
|
45
|
-
|-----------|-------------|------|
|
|
46
|
-
| 10 | Portal pins issuer public key | aga_create_artifact |
|
|
47
|
-
|
|
48
|
-
## Claim 11: Phantom Execution
|
|
49
|
-
| Sub-claim | Description | Tool |
|
|
50
|
-
|-----------|-------------|------|
|
|
51
|
-
| 11 | Forensic input capture during quarantine | aga_quarantine_status |
|
|
52
|
-
|
|
53
|
-
## Claim 12: Graceful Degradation
|
|
54
|
-
| Sub-claim | Description | Tool |
|
|
55
|
-
|-----------|-------------|------|
|
|
56
|
-
| 12 | TTL + fail-closed termination | aga_measure_subject |
|
|
57
|
-
|
|
58
|
-
## Additional (NCCoE Filing)
|
|
59
|
-
| Feature | Description | Tool |
|
|
60
|
-
|---------|-------------|------|
|
|
61
|
-
| Mid-session revocation | NCCoE Phase 3b | aga_revoke_artifact |
|
|
62
|
-
| Behavioral drift | NIST-2025-0035 | aga_measure_behavior |
|
|
63
|
-
| Constrained delegation | NCCoE constrained sub-mandates | aga_delegate_subagent |
|
|
64
|
-
| Key rotation | Key lifecycle management | aga_rotate_keys |
|
|
65
|
-
`;
|
|
66
|
-
export const PATENT_CLAIMS_URI = 'aga://patent-claims';
|
|
67
|
-
//# sourceMappingURL=patent-claims.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"patent-claims.js","sourceRoot":"","sources":["../../src/resources/patent-claims.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgEhC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,qBAAqB,CAAC"}
|