@attested-intelligence/aga-mcp-server 2.0.0 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +57 -36
- package/dist/adapters/openclaw.d.ts +43 -0
- package/dist/adapters/openclaw.d.ts.map +1 -0
- package/dist/adapters/openclaw.js +86 -0
- package/dist/adapters/openclaw.js.map +1 -0
- package/dist/core/types.d.ts +0 -1
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/hash.d.ts +1 -1
- package/dist/crypto/hash.d.ts.map +1 -1
- package/dist/crypto/hash.js +1 -1
- package/dist/crypto/hash.js.map +1 -1
- package/dist/prompts/nccoe-demo.d.ts.map +1 -1
- package/dist/prompts/nccoe-demo.js +1 -2
- package/dist/prompts/nccoe-demo.js.map +1 -1
- package/dist/proxy/evaluator.d.ts +14 -0
- package/dist/proxy/evaluator.d.ts.map +1 -0
- package/dist/proxy/evaluator.js +141 -0
- package/dist/proxy/evaluator.js.map +1 -0
- package/dist/proxy/index.d.ts +22 -0
- package/dist/proxy/index.d.ts.map +1 -0
- package/dist/proxy/index.js +230 -0
- package/dist/proxy/index.js.map +1 -0
- package/dist/proxy/profiles.d.ts +16 -0
- package/dist/proxy/profiles.d.ts.map +1 -0
- package/dist/proxy/profiles.js +43 -0
- package/dist/proxy/profiles.js.map +1 -0
- package/dist/proxy/server.d.ts +106 -0
- package/dist/proxy/server.d.ts.map +1 -0
- package/dist/proxy/server.js +389 -0
- package/dist/proxy/server.js.map +1 -0
- package/dist/proxy/stdio-bridge.d.ts +42 -0
- package/dist/proxy/stdio-bridge.d.ts.map +1 -0
- package/dist/proxy/stdio-bridge.js +142 -0
- package/dist/proxy/stdio-bridge.js.map +1 -0
- package/dist/proxy/types.d.ts +36 -0
- package/dist/proxy/types.d.ts.map +1 -0
- package/dist/proxy/types.js +11 -0
- package/dist/proxy/types.js.map +1 -0
- package/dist/proxy/verify.d.ts +29 -0
- package/dist/proxy/verify.d.ts.map +1 -0
- package/dist/proxy/verify.js +183 -0
- package/dist/proxy/verify.js.map +1 -0
- package/dist/resources/cosai-mapping.d.ts +24 -0
- package/dist/resources/cosai-mapping.d.ts.map +1 -0
- package/dist/resources/cosai-mapping.js +127 -0
- package/dist/resources/cosai-mapping.js.map +1 -0
- package/dist/resources/crypto-primitives.d.ts +1 -1
- package/dist/resources/crypto-primitives.d.ts.map +1 -1
- package/dist/resources/crypto-primitives.js +2 -2
- package/dist/resources/specification.d.ts +1 -1
- package/dist/resources/specification.d.ts.map +1 -1
- package/dist/resources/specification.js +59 -5
- package/dist/resources/specification.js.map +1 -1
- package/dist/server.d.ts +1 -2
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +14 -17
- package/dist/server.js.map +1 -1
- package/dist/tools/server-info.d.ts.map +1 -1
- package/dist/tools/server-info.js +0 -1
- package/dist/tools/server-info.js.map +1 -1
- package/dist/types.d.ts +0 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +0 -1
- package/dist/types.js.map +1 -1
- package/package.json +9 -5
- package/PATENTS.md +0 -28
- package/dist/resources/patent-claims.d.ts +0 -3
- package/dist/resources/patent-claims.d.ts.map +0 -1
- package/dist/resources/patent-claims.js +0 -67
- package/dist/resources/patent-claims.js.map +0 -1
package/README.md
CHANGED
|
@@ -1,49 +1,47 @@
|
|
|
1
1
|
# @attested-intelligence/aga-mcp-server v2.0.0
|
|
2
2
|
|
|
3
|
-
MCP server
|
|
3
|
+
[](https://lobehub.com/mcp/attested-intelligence-aga-mcp-server)
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
**Referenced in:** NIST-2025-0035, NCCoE AI Agent Identity and Authorization
|
|
5
|
+
MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.
|
|
7
6
|
|
|
8
7
|
## What It Does
|
|
9
8
|
|
|
10
9
|
This server acts as a **Portal** (zero-trust Policy Enforcement Point) for AI agents. Every tool call is attested, measured against a sealed cryptographic reference, and logged to a tamper-evident continuity chain with signed receipts.
|
|
11
10
|
|
|
12
|
-
**20 tools,
|
|
11
|
+
**20 tools, 3 resources, 3 prompts, 159 tests**
|
|
13
12
|
|
|
14
13
|
## 20 MCP Tools
|
|
15
14
|
|
|
16
|
-
| # | Tool |
|
|
17
|
-
|
|
18
|
-
| 1 | `aga_server_info` |
|
|
19
|
-
| 2 | `aga_init_chain` |
|
|
20
|
-
| 3 | `aga_create_artifact` |
|
|
21
|
-
| 4 | `aga_measure_subject` |
|
|
22
|
-
| 5 | `aga_verify_artifact` |
|
|
23
|
-
| 6 | `aga_start_monitoring` |
|
|
24
|
-
| 7 | `aga_get_portal_state` |
|
|
25
|
-
| 8 | `aga_trigger_measurement` |
|
|
26
|
-
| 9 | `aga_generate_receipt` |
|
|
27
|
-
| 10 | `aga_export_bundle` |
|
|
28
|
-
| 11 | `aga_verify_bundle` |
|
|
29
|
-
| 12 | `aga_disclose_claim` |
|
|
30
|
-
| 13 | `aga_get_chain` |
|
|
31
|
-
| 14 | `aga_quarantine_status` |
|
|
32
|
-
| 15 | `aga_revoke_artifact` |
|
|
33
|
-
| 16 | `aga_set_verification_tier` |
|
|
34
|
-
| 17 | `aga_demonstrate_lifecycle` |
|
|
35
|
-
| 18 | `aga_measure_behavior` |
|
|
36
|
-
| 19 | `aga_delegate_to_subagent` |
|
|
37
|
-
| 20 | `aga_rotate_keys` |
|
|
38
|
-
|
|
39
|
-
##
|
|
15
|
+
| # | Tool | Description |
|
|
16
|
+
| --- | --- | --- |
|
|
17
|
+
| 1 | `aga_server_info` | Server identity, keys, portal state, framework alignment |
|
|
18
|
+
| 2 | `aga_init_chain` | Initialize continuity chain with genesis event |
|
|
19
|
+
| 3 | `aga_create_artifact` | Attest subject, generate sealed Policy Artifact |
|
|
20
|
+
| 4 | `aga_measure_subject` | Measure subject, compare to sealed ref, generate receipt |
|
|
21
|
+
| 5 | `aga_verify_artifact` | Verify artifact signature against issuer key |
|
|
22
|
+
| 6 | `aga_start_monitoring` | Start/restart behavioral monitoring with baseline |
|
|
23
|
+
| 7 | `aga_get_portal_state` | Current portal enforcement state and TTL |
|
|
24
|
+
| 8 | `aga_trigger_measurement` | Trigger measurement with specific type |
|
|
25
|
+
| 9 | `aga_generate_receipt` | Generate signed measurement receipt manually |
|
|
26
|
+
| 10 | `aga_export_bundle` | Package artifact + receipts + Merkle proofs |
|
|
27
|
+
| 11 | `aga_verify_bundle` | 4-step offline bundle verification |
|
|
28
|
+
| 12 | `aga_disclose_claim` | Privacy-preserving disclosure with auto-substitution |
|
|
29
|
+
| 13 | `aga_get_chain` | Get chain events with optional integrity verification |
|
|
30
|
+
| 14 | `aga_quarantine_status` | Quarantine state and forensic capture status |
|
|
31
|
+
| 15 | `aga_revoke_artifact` | Mid-session artifact revocation |
|
|
32
|
+
| 16 | `aga_set_verification_tier` | Set verification tier (BRONZE/SILVER/GOLD) |
|
|
33
|
+
| 17 | `aga_demonstrate_lifecycle` | Full lifecycle: attest, measure, checkpoint, verify |
|
|
34
|
+
| 18 | `aga_measure_behavior` | Behavioral drift detection (tool patterns) |
|
|
35
|
+
| 19 | `aga_delegate_to_subagent` | Constrained sub-agent delegation (scope only diminishes) |
|
|
36
|
+
| 20 | `aga_rotate_keys` | Key rotation with chain event |
|
|
37
|
+
|
|
38
|
+
## 3 Resources
|
|
40
39
|
|
|
41
40
|
| Resource | URI | Description |
|
|
42
|
-
|
|
41
|
+
| --- | --- | --- |
|
|
43
42
|
| Protocol Spec | `aga://specification/protocol-v2` | Full protocol specification with SPIFFE alignment |
|
|
44
43
|
| Sample Bundle | `aga://resources/sample-bundle` | Sample evidence bundle documentation |
|
|
45
44
|
| Crypto Primitives | `aga://resources/crypto-primitives` | Cryptographic primitives documentation |
|
|
46
|
-
| Patent Claims | `aga://resources/patent-claims` | 20 patent claims mapped to tools |
|
|
47
45
|
|
|
48
46
|
## 3 Prompts
|
|
49
47
|
|
|
@@ -53,20 +51,43 @@ This server acts as a **Portal** (zero-trust Policy Enforcement Point) for AI ag
|
|
|
53
51
|
| `governance-report` | Session governance summary report |
|
|
54
52
|
| `drift-analysis` | Drift event analysis and remediation |
|
|
55
53
|
|
|
54
|
+
## CoSAI MCP Security Threat Coverage
|
|
55
|
+
|
|
56
|
+
The AGA MCP Server addresses all 12 threat categories identified in the
|
|
57
|
+
[CoSAI MCP Security whitepaper](https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/main/model-context-protocol-security.md)
|
|
58
|
+
(Coalition for Secure AI / OASIS, January 2026).
|
|
59
|
+
|
|
60
|
+
| CoSAI Category | Threat Domain | AGA Governance Mechanism |
|
|
61
|
+
|---|---|---|
|
|
62
|
+
| T1: Improper Authentication | Identity & Access | Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events |
|
|
63
|
+
| T2: Missing Access Control | Identity & Access | Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment |
|
|
64
|
+
| T3: Input Validation Failures | Input Handling | Runtime measurement against sealed reference, behavioral drift detection |
|
|
65
|
+
| T4: Data/Control Boundary Failures | Input Handling | Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics |
|
|
66
|
+
| T5: Inadequate Data Protection | Data & Code | Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention |
|
|
67
|
+
| T6: Missing Integrity Controls | Data & Code | Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification |
|
|
68
|
+
| T7: Session/Transport Security | Network & Transport | TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts |
|
|
69
|
+
| T8: Network Isolation Failures | Network & Transport | Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action |
|
|
70
|
+
| T9: Trust Boundary Failures | Trust & Design | Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM |
|
|
71
|
+
| T10: Resource Management | Trust & Design | Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s) |
|
|
72
|
+
| T11: Supply Chain Failures | Operational | Content-addressable hashing at attestation, runtime hash comparison blocks modified components |
|
|
73
|
+
| T12: Insufficient Observability | Operational | Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles |
|
|
74
|
+
|
|
75
|
+
Full mapping details available via the `aga://specification` resource.
|
|
76
|
+
|
|
56
77
|
## Quick Start
|
|
57
78
|
|
|
58
79
|
```bash
|
|
59
80
|
npm install && npm run build && npm test
|
|
60
81
|
```
|
|
61
82
|
|
|
62
|
-
## Connect to
|
|
83
|
+
## Connect to an MCP Client
|
|
63
84
|
|
|
64
|
-
Add to
|
|
85
|
+
Add to your MCP client config:
|
|
65
86
|
|
|
66
87
|
```json
|
|
67
88
|
{
|
|
68
89
|
"mcpServers": {
|
|
69
|
-
"aga": { "command": "node", "args": ["
|
|
90
|
+
"aga": { "command": "node", "args": ["/path/to/aga-mcp-server/dist/index.js"] }
|
|
70
91
|
}
|
|
71
92
|
}
|
|
72
93
|
```
|
|
@@ -74,17 +95,17 @@ Add to `%APPDATA%\Claude\claude_desktop_config.json`:
|
|
|
74
95
|
## Architecture
|
|
75
96
|
|
|
76
97
|
```
|
|
77
|
-
MCP Client
|
|
98
|
+
MCP Client
|
|
78
99
|
│ JSON-RPC over stdio
|
|
79
100
|
▼
|
|
80
|
-
src/server.ts - 20 tools +
|
|
101
|
+
src/server.ts - 20 tools + 3 resources + 3 prompts
|
|
81
102
|
│
|
|
82
103
|
├── src/tools/ 20 individual tool handlers
|
|
83
104
|
├── src/core/ Protocol logic (artifact, chain, portal, etc.)
|
|
84
105
|
├── src/crypto/ Ed25519 + SHA-256 + Merkle + canonical JSON
|
|
85
106
|
├── src/middleware/ Zero-trust governance PEP
|
|
86
107
|
├── src/storage/ In-memory + optional SQLite
|
|
87
|
-
├── src/resources/ Protocol docs +
|
|
108
|
+
├── src/resources/ Protocol docs + crypto primitives
|
|
88
109
|
└── src/prompts/ Demo + report + analysis prompts
|
|
89
110
|
```
|
|
90
111
|
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OpenClaw Config Adapter
|
|
3
|
+
* Detects and patches openclaw.json to route MCP servers through the AGA governance proxy.
|
|
4
|
+
*
|
|
5
|
+
* All OpenClaw assumptions are documented inline. When a real OpenClaw instance
|
|
6
|
+
* becomes available, validate each assumption.
|
|
7
|
+
*
|
|
8
|
+
* Patent: USPTO App. No. 19/433,835
|
|
9
|
+
* Copyright (c) 2026 Attested Intelligence Holdings LLC
|
|
10
|
+
* SPDX-License-Identifier: MIT
|
|
11
|
+
*/
|
|
12
|
+
export interface McpServerConfig {
|
|
13
|
+
name: string;
|
|
14
|
+
command?: string;
|
|
15
|
+
args?: string[];
|
|
16
|
+
url?: string;
|
|
17
|
+
env?: Record<string, string>;
|
|
18
|
+
[key: string]: unknown;
|
|
19
|
+
}
|
|
20
|
+
export interface AgentConfigAdapter {
|
|
21
|
+
detect(configPath?: string): Promise<{
|
|
22
|
+
found: boolean;
|
|
23
|
+
path: string;
|
|
24
|
+
version?: string;
|
|
25
|
+
}>;
|
|
26
|
+
readMcpServers(): Promise<McpServerConfig[]>;
|
|
27
|
+
patchMcpServers(proxyPort: number, originals: McpServerConfig[]): Promise<void>;
|
|
28
|
+
restore(): Promise<void>;
|
|
29
|
+
}
|
|
30
|
+
export declare class OpenClawAdapter implements AgentConfigAdapter {
|
|
31
|
+
private configPath;
|
|
32
|
+
private backupPath;
|
|
33
|
+
private getDefaultPath;
|
|
34
|
+
detect(configPath?: string): Promise<{
|
|
35
|
+
found: boolean;
|
|
36
|
+
path: string;
|
|
37
|
+
version?: string;
|
|
38
|
+
}>;
|
|
39
|
+
readMcpServers(): Promise<McpServerConfig[]>;
|
|
40
|
+
patchMcpServers(proxyPort: number, originals: McpServerConfig[]): Promise<void>;
|
|
41
|
+
restore(): Promise<void>;
|
|
42
|
+
}
|
|
43
|
+
//# sourceMappingURL=openclaw.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openclaw.d.ts","sourceRoot":"","sources":["../../src/adapters/openclaw.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAmBH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACzF,cAAc,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;IAC7C,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChF,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAED,qBAAa,eAAgB,YAAW,kBAAkB;IACxD,OAAO,CAAC,UAAU,CAAuB;IACzC,OAAO,CAAC,UAAU,CAAuB;IAEzC,OAAO,CAAC,cAAc;IAIhB,MAAM,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAqBxF,cAAc,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;IAW5C,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA6B/E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAU/B"}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OpenClaw Config Adapter
|
|
3
|
+
* Detects and patches openclaw.json to route MCP servers through the AGA governance proxy.
|
|
4
|
+
*
|
|
5
|
+
* All OpenClaw assumptions are documented inline. When a real OpenClaw instance
|
|
6
|
+
* becomes available, validate each assumption.
|
|
7
|
+
*
|
|
8
|
+
* Patent: USPTO App. No. 19/433,835
|
|
9
|
+
* Copyright (c) 2026 Attested Intelligence Holdings LLC
|
|
10
|
+
* SPDX-License-Identifier: MIT
|
|
11
|
+
*/
|
|
12
|
+
import * as fs from 'node:fs';
|
|
13
|
+
import * as path from 'node:path';
|
|
14
|
+
import * as os from 'node:os';
|
|
15
|
+
export class OpenClawAdapter {
|
|
16
|
+
configPath = null;
|
|
17
|
+
backupPath = null;
|
|
18
|
+
getDefaultPath() {
|
|
19
|
+
return path.join(os.homedir(), '.openclaw', 'openclaw.json');
|
|
20
|
+
}
|
|
21
|
+
async detect(configPath) {
|
|
22
|
+
const p = configPath ?? this.getDefaultPath();
|
|
23
|
+
this.configPath = p;
|
|
24
|
+
this.backupPath = p + '.aga-backup';
|
|
25
|
+
if (!fs.existsSync(p)) {
|
|
26
|
+
return { found: false, path: p };
|
|
27
|
+
}
|
|
28
|
+
try {
|
|
29
|
+
const config = JSON.parse(fs.readFileSync(p, 'utf-8'));
|
|
30
|
+
return {
|
|
31
|
+
found: true,
|
|
32
|
+
path: p,
|
|
33
|
+
version: config.version ?? config.openclaw_version ?? undefined,
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
catch {
|
|
37
|
+
return { found: false, path: p };
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
async readMcpServers() {
|
|
41
|
+
if (!this.configPath)
|
|
42
|
+
throw new Error('Call detect() first');
|
|
43
|
+
const config = JSON.parse(fs.readFileSync(this.configPath, 'utf-8'));
|
|
44
|
+
const servers = config.mcpServers ?? {};
|
|
45
|
+
return Object.entries(servers).map(([name, entry]) => ({
|
|
46
|
+
name,
|
|
47
|
+
...entry,
|
|
48
|
+
}));
|
|
49
|
+
}
|
|
50
|
+
async patchMcpServers(proxyPort, originals) {
|
|
51
|
+
if (!this.configPath || !this.backupPath)
|
|
52
|
+
throw new Error('Call detect() first');
|
|
53
|
+
// Backup original
|
|
54
|
+
const originalContent = fs.readFileSync(this.configPath, 'utf-8');
|
|
55
|
+
fs.writeFileSync(this.backupPath, originalContent);
|
|
56
|
+
const config = JSON.parse(originalContent);
|
|
57
|
+
// Rewrite each MCP server entry to point at the proxy
|
|
58
|
+
// The proxy will forward to the original command/URL
|
|
59
|
+
for (const server of originals) {
|
|
60
|
+
if (config.mcpServers?.[server.name]) {
|
|
61
|
+
const original = config.mcpServers[server.name];
|
|
62
|
+
// Store original config for the proxy to use
|
|
63
|
+
config.mcpServers[server.name] = {
|
|
64
|
+
// Point at proxy instead
|
|
65
|
+
url: `http://127.0.0.1:${proxyPort}`,
|
|
66
|
+
// Preserve metadata
|
|
67
|
+
_aga_original: original,
|
|
68
|
+
_aga_governed: true,
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
fs.writeFileSync(this.configPath, JSON.stringify(config, null, 2));
|
|
73
|
+
}
|
|
74
|
+
async restore() {
|
|
75
|
+
if (!this.configPath || !this.backupPath)
|
|
76
|
+
throw new Error('Call detect() first');
|
|
77
|
+
if (fs.existsSync(this.backupPath)) {
|
|
78
|
+
fs.copyFileSync(this.backupPath, this.configPath);
|
|
79
|
+
fs.unlinkSync(this.backupPath);
|
|
80
|
+
}
|
|
81
|
+
else {
|
|
82
|
+
throw new Error('No backup found - cannot restore');
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
//# sourceMappingURL=openclaw.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openclaw.js","sourceRoot":"","sources":["../../src/adapters/openclaw.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AA+B9B,MAAM,OAAO,eAAe;IAClB,UAAU,GAAkB,IAAI,CAAC;IACjC,UAAU,GAAkB,IAAI,CAAC;IAEjC,cAAc;QACpB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,eAAe,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,UAAmB;QAC9B,MAAM,CAAC,GAAG,UAAU,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;QAC9C,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;QACpB,IAAI,CAAC,UAAU,GAAG,CAAC,GAAG,aAAa,CAAC;QAEpC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YACvD,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,gBAAgB,IAAI,SAAS;aAChE,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAE7D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;QACrE,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;QACxC,OAAO,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACrD,IAAI;YACJ,GAAI,KAAiC;SACtC,CAAC,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,SAAiB,EAAE,SAA4B;QACnE,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAEjF,kBAAkB;QAClB,MAAM,eAAe,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;QAEnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAE3C,sDAAsD;QACtD,qDAAqD;QACrD,KAAK,MAAM,MAAM,IAAI,SAAS,EAAE,CAAC;YAC/B,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAEhD,6CAA6C;gBAC7C,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG;oBAC/B,yBAAyB;oBACzB,GAAG,EAAE,oBAAoB,SAAS,EAAE;oBACpC,oBAAoB;oBACpB,aAAa,EAAE,QAAQ;oBACvB,aAAa,EAAE,IAAI;iBACpB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAEjF,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACnC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;YAClD,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;CACF"}
|
package/dist/core/types.d.ts
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* V3: Aligned with NIST-2025-0035 and NCCoE AI Agent Identity filings.
|
|
3
|
-
* Every interface annotated with patent reference numeral.
|
|
4
3
|
*/
|
|
5
4
|
import type { HashHex, SignatureBase64, SaltHex, MerkleInclusionProof } from '../crypto/types.js';
|
|
6
5
|
export interface SubjectIdentifier {
|
package/dist/core/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAIlG,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;CACtC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,GACd,kBAAkB,GAClB,YAAY,GACZ,gBAAgB,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAID,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;IACtC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,GACZ,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAM5D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC5E"}
|
package/dist/crypto/hash.d.ts
CHANGED
|
@@ -2,7 +2,7 @@ import type { HashHex } from './types.js';
|
|
|
2
2
|
export declare function sha256Bytes(data: Uint8Array): HashHex;
|
|
3
3
|
export declare function sha256Str(data: string): HashHex;
|
|
4
4
|
export declare function blake2b256(data: Uint8Array): HashHex;
|
|
5
|
-
/** Concatenate inputs (NO delimiter) and SHA-256.
|
|
5
|
+
/** Concatenate inputs (NO delimiter) and SHA-256. No delimiters per protocol spec. */
|
|
6
6
|
export declare function sha256Cat(...parts: (Uint8Array | string)[]): HashHex;
|
|
7
7
|
/** Concatenate hex strings as text (no decode) and hash. For sealed_hash computation. */
|
|
8
8
|
export declare function sha256HexCat(...hexes: string[]): HashHex;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAI1C,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAErD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAEpD;AAED,
|
|
1
|
+
{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAI1C,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAErD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAEpD;AAED,sFAAsF;AACtF,wBAAgB,SAAS,CAAC,GAAG,KAAK,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,GAAG,OAAO,CAOpE;AAED,yFAAyF;AACzF,wBAAgB,YAAY,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAExD"}
|
package/dist/crypto/hash.js
CHANGED
|
@@ -11,7 +11,7 @@ export function sha256Str(data) {
|
|
|
11
11
|
export function blake2b256(data) {
|
|
12
12
|
return bytesToHex(blake2b(data, { dkLen: 32 }));
|
|
13
13
|
}
|
|
14
|
-
/** Concatenate inputs (NO delimiter) and SHA-256.
|
|
14
|
+
/** Concatenate inputs (NO delimiter) and SHA-256. No delimiters per protocol spec. */
|
|
15
15
|
export function sha256Cat(...parts) {
|
|
16
16
|
const bufs = parts.map(p => typeof p === 'string' ? enc.encode(p) : p);
|
|
17
17
|
const total = bufs.reduce((n, b) => n + b.length, 0);
|
package/dist/crypto/hash.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,MAAM,UAAU,WAAW,CAAC,IAAgB;IAC1C,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,OAAO,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,
|
|
1
|
+
{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,MAAM,UAAU,WAAW,CAAC,IAAgB;IAC1C,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,OAAO,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,sFAAsF;AACtF,MAAM,UAAU,SAAS,CAAC,GAAG,KAA8B;IACzD,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvE,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAAC,CAAC;IAChE,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED,yFAAyF;AACzF,MAAM,UAAU,YAAY,CAAC,GAAG,KAAe;IAC7C,OAAO,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AACnC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nccoe-demo.d.ts","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iBAAiB;;;;;;;;qBAOX;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;KAAE;
|
|
1
|
+
{"version":3,"file":"nccoe-demo.d.ts","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iBAAiB;;;;;;;;qBAOX;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;KAAE;CAsCtE,CAAC"}
|
|
@@ -42,7 +42,6 @@ ${args.include_behavioral === 'true' ? '14' : '12'}. Call \`aga_get_chain\` with
|
|
|
42
42
|
${args.include_behavioral === 'true' ? '15' : '13'}. Call \`aga_export_bundle\` to generate evidence bundle (need checkpoint first)
|
|
43
43
|
${args.include_behavioral === 'true' ? '16' : '14'}. Call \`aga_verify_bundle\` with the bundle and issuer public key
|
|
44
44
|
|
|
45
|
-
All operations should produce signed receipts and chain events
|
|
46
|
-
Each step maps to specific patent claims (see aga://resources/patent-claims).`,
|
|
45
|
+
All operations should produce signed receipts and chain events.`,
|
|
47
46
|
};
|
|
48
47
|
//# sourceMappingURL=nccoe-demo.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nccoe-demo.js","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI,EAAE,YAAY;IAClB,WAAW,EAAE,+FAA+F;IAC5G,SAAS,EAAE;QACT,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,KAAK,EAAE;QACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,KAAK,EAAE;KACzG;IACD,QAAQ,EAAE,CAAC,IAA0D,EAAE,EAAE,CAAC;;;;;;yDAMnB,IAAI,CAAC,UAAU,IAAI,0CAA0C;;EAEpH,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,+MAA+M,CAAC,CAAC,CAAC,EAAE;;;;;;;;;;;;;;;;;;;EAmBzP,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC;;;CAGtC,CAAC,CAAC,CAAC,EAAE;;;EAGJ,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI
|
|
1
|
+
{"version":3,"file":"nccoe-demo.js","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI,EAAE,YAAY;IAClB,WAAW,EAAE,+FAA+F;IAC5G,SAAS,EAAE;QACT,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,KAAK,EAAE;QACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,KAAK,EAAE;KACzG;IACD,QAAQ,EAAE,CAAC,IAA0D,EAAE,EAAE,CAAC;;;;;;yDAMnB,IAAI,CAAC,UAAU,IAAI,0CAA0C;;EAEpH,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,+MAA+M,CAAC,CAAC,CAAC,EAAE;;;;;;;;;;;;;;;;;;;EAmBzP,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC;;;CAGtC,CAAC,CAAC,CAAC,EAAE;;;EAGJ,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;;gEAEc;CAC/D,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AGA Governance Proxy - Tool Policy Evaluator
|
|
3
|
+
* Ported from aga-mcp-gateway/src/governance/policy.ts with rate limiting.
|
|
4
|
+
*
|
|
5
|
+
* Patent: USPTO App. No. 19/433,835
|
|
6
|
+
* Copyright (c) 2026 Attested Intelligence Holdings LLC
|
|
7
|
+
* SPDX-License-Identifier: MIT
|
|
8
|
+
*/
|
|
9
|
+
import type { ToolPolicy, ToolCallDecision } from './types.js';
|
|
10
|
+
export declare function resetRateLimits(): void;
|
|
11
|
+
export declare function cleanPath(p: string): string;
|
|
12
|
+
export declare function matchesPrefix(prefix: string, candidate: string): boolean;
|
|
13
|
+
export declare function evaluate(policy: ToolPolicy, toolName: string, args?: Record<string, unknown>): ToolCallDecision;
|
|
14
|
+
//# sourceMappingURL=evaluator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evaluator.d.ts","sourceRoot":"","sources":["../../src/proxy/evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AA6B/D,wBAAgB,eAAe,IAAI,IAAI,CAEtC;AAID,wBAAgB,SAAS,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAwB3C;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAOxE;AAyCD,wBAAgB,QAAQ,CACtB,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,gBAAgB,CAqDlB"}
|
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AGA Governance Proxy - Tool Policy Evaluator
|
|
3
|
+
* Ported from aga-mcp-gateway/src/governance/policy.ts with rate limiting.
|
|
4
|
+
*
|
|
5
|
+
* Patent: USPTO App. No. 19/433,835
|
|
6
|
+
* Copyright (c) 2026 Attested Intelligence Holdings LLC
|
|
7
|
+
* SPDX-License-Identifier: MIT
|
|
8
|
+
*/
|
|
9
|
+
const rateLimits = new Map();
|
|
10
|
+
function checkRateLimit(toolName, maxPerMinute) {
|
|
11
|
+
const now = Date.now();
|
|
12
|
+
const cutoff = now - 60_000;
|
|
13
|
+
let window = rateLimits.get(toolName);
|
|
14
|
+
if (!window) {
|
|
15
|
+
window = { timestamps: [] };
|
|
16
|
+
rateLimits.set(toolName, window);
|
|
17
|
+
}
|
|
18
|
+
// Prune expired entries
|
|
19
|
+
window.timestamps = window.timestamps.filter(t => t > cutoff);
|
|
20
|
+
if (window.timestamps.length >= maxPerMinute)
|
|
21
|
+
return false;
|
|
22
|
+
window.timestamps.push(now);
|
|
23
|
+
return true;
|
|
24
|
+
}
|
|
25
|
+
export function resetRateLimits() {
|
|
26
|
+
rateLimits.clear();
|
|
27
|
+
}
|
|
28
|
+
// ── Path Utilities (from aga-mcp-gateway) ───────────────────
|
|
29
|
+
export function cleanPath(p) {
|
|
30
|
+
p = p.replace(/\\/g, '/');
|
|
31
|
+
p = p.replace(/\/+/g, '/');
|
|
32
|
+
const segments = p.split('/');
|
|
33
|
+
const resolved = [];
|
|
34
|
+
const absolute = segments[0] === '';
|
|
35
|
+
for (const seg of segments) {
|
|
36
|
+
if (seg === '' || seg === '.')
|
|
37
|
+
continue;
|
|
38
|
+
if (seg === '..') {
|
|
39
|
+
if (resolved.length > 0 && resolved[resolved.length - 1] !== '..') {
|
|
40
|
+
resolved.pop();
|
|
41
|
+
}
|
|
42
|
+
else if (!absolute) {
|
|
43
|
+
resolved.push('..');
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
else {
|
|
47
|
+
resolved.push(seg);
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
let result = (absolute ? '/' : '') + resolved.join('/');
|
|
51
|
+
if (result === '')
|
|
52
|
+
result = '.';
|
|
53
|
+
return result;
|
|
54
|
+
}
|
|
55
|
+
export function matchesPrefix(prefix, candidate) {
|
|
56
|
+
const cleanPrefix = cleanPath(prefix);
|
|
57
|
+
const cleanCandidate = cleanPath(candidate);
|
|
58
|
+
if (cleanCandidate === cleanPrefix)
|
|
59
|
+
return true;
|
|
60
|
+
const prefixWithSlash = cleanPrefix.endsWith('/') ? cleanPrefix : cleanPrefix + '/';
|
|
61
|
+
return cleanCandidate.startsWith(prefixWithSlash);
|
|
62
|
+
}
|
|
63
|
+
function checkPathConstraints(constraint, args) {
|
|
64
|
+
if (!constraint.path_prefix)
|
|
65
|
+
return null;
|
|
66
|
+
const keys = constraint.path_keys?.length ? constraint.path_keys : ['path'];
|
|
67
|
+
if (!args)
|
|
68
|
+
return null;
|
|
69
|
+
for (const key of keys) {
|
|
70
|
+
const val = args[key];
|
|
71
|
+
if (typeof val === 'string') {
|
|
72
|
+
if (!matchesPrefix(constraint.path_prefix, val)) {
|
|
73
|
+
return `path "${val}" outside allowed prefix "${constraint.path_prefix}"`;
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
return null;
|
|
78
|
+
}
|
|
79
|
+
function checkDeniedPatterns(constraint, args) {
|
|
80
|
+
if (!constraint.denied_patterns?.length)
|
|
81
|
+
return null;
|
|
82
|
+
if (!args)
|
|
83
|
+
return null;
|
|
84
|
+
for (const [, val] of Object.entries(args)) {
|
|
85
|
+
if (typeof val !== 'string')
|
|
86
|
+
continue;
|
|
87
|
+
for (const pattern of constraint.denied_patterns) {
|
|
88
|
+
if (val.includes(pattern)) {
|
|
89
|
+
return `argument value matches denied pattern "${pattern}"`;
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
return null;
|
|
94
|
+
}
|
|
95
|
+
// ── Main Evaluator ──────────────────────────────────────────
|
|
96
|
+
export function evaluate(policy, toolName, args) {
|
|
97
|
+
const base = { tool_name: toolName, policy_mode: policy.mode };
|
|
98
|
+
// Audit-only mode: always permit
|
|
99
|
+
if (policy.mode === 'audit_only') {
|
|
100
|
+
return { ...base, allowed: true, reason: 'audit_only: all calls permitted' };
|
|
101
|
+
}
|
|
102
|
+
if (policy.mode !== 'allowlist' && policy.mode !== 'denylist') {
|
|
103
|
+
return { ...base, allowed: false, reason: `unknown policy mode: ${policy.mode}` };
|
|
104
|
+
}
|
|
105
|
+
const constraint = policy.constraints[toolName];
|
|
106
|
+
if (policy.mode === 'allowlist') {
|
|
107
|
+
if (!constraint) {
|
|
108
|
+
return { ...base, allowed: false, reason: 'tool not in allowlist' };
|
|
109
|
+
}
|
|
110
|
+
if (!constraint.allowed) {
|
|
111
|
+
return { ...base, allowed: false, reason: 'tool explicitly disallowed' };
|
|
112
|
+
}
|
|
113
|
+
// Rate limit check
|
|
114
|
+
if (constraint.max_calls_per_minute) {
|
|
115
|
+
if (!checkRateLimit(toolName, constraint.max_calls_per_minute)) {
|
|
116
|
+
return { ...base, allowed: false, reason: `rate limit exceeded: ${constraint.max_calls_per_minute}/min` };
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
const pathResult = checkPathConstraints(constraint, args);
|
|
120
|
+
if (pathResult !== null) {
|
|
121
|
+
return { ...base, allowed: false, reason: pathResult };
|
|
122
|
+
}
|
|
123
|
+
const patternResult = checkDeniedPatterns(constraint, args);
|
|
124
|
+
if (patternResult !== null) {
|
|
125
|
+
return { ...base, allowed: false, reason: patternResult };
|
|
126
|
+
}
|
|
127
|
+
return { ...base, allowed: true, reason: 'tool permitted by allowlist' };
|
|
128
|
+
}
|
|
129
|
+
// Denylist mode
|
|
130
|
+
if (constraint && !constraint.allowed) {
|
|
131
|
+
return { ...base, allowed: false, reason: 'tool denied by denylist' };
|
|
132
|
+
}
|
|
133
|
+
// Rate limit check for denylist mode (tool not explicitly denied)
|
|
134
|
+
if (constraint?.max_calls_per_minute) {
|
|
135
|
+
if (!checkRateLimit(toolName, constraint.max_calls_per_minute)) {
|
|
136
|
+
return { ...base, allowed: false, reason: `rate limit exceeded: ${constraint.max_calls_per_minute}/min` };
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
return { ...base, allowed: true, reason: 'tool not denied' };
|
|
140
|
+
}
|
|
141
|
+
//# sourceMappingURL=evaluator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evaluator.js","sourceRoot":"","sources":["../../src/proxy/evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,MAAM,UAAU,GAAG,IAAI,GAAG,EAAsB,CAAC;AAEjD,SAAS,cAAc,CAAC,QAAgB,EAAE,YAAoB;IAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC;IAE5B,IAAI,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC5B,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,wBAAwB;IACxB,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;IAE9D,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,YAAY;QAAE,OAAO,KAAK,CAAC;IAE3D,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,UAAU,CAAC,KAAK,EAAE,CAAC;AACrB,CAAC;AAED,+DAA+D;AAE/D,MAAM,UAAU,SAAS,CAAC,CAAS;IACjC,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC1B,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE3B,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;IAEpC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,GAAG,KAAK,EAAE,IAAI,GAAG,KAAK,GAAG;YAAE,SAAS;QACxC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAClE,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjB,CAAC;iBAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACrB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,IAAI,MAAM,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxD,IAAI,MAAM,KAAK,EAAE;QAAE,MAAM,GAAG,GAAG,CAAC;IAChC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAc,EAAE,SAAiB;IAC7D,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,cAAc,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;IAE5C,IAAI,cAAc,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IAChD,MAAM,eAAe,GAAG,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,GAAG,GAAG,CAAC;IACpF,OAAO,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAA0D,EAC1D,IAA8B;IAE9B,IAAI,CAAC,UAAU,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IACzC,MAAM,IAAI,GAAG,UAAU,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAC5E,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,WAAW,EAAE,GAAG,CAAC,EAAE,CAAC;gBAChD,OAAO,SAAS,GAAG,6BAA6B,UAAU,CAAC,WAAW,GAAG,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAC1B,UAA0C,EAC1C,IAA8B;IAE9B,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,MAAM;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,KAAK,MAAM,CAAC,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,SAAS;QACtC,KAAK,MAAM,OAAO,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;YACjD,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO,0CAA0C,OAAO,GAAG,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+DAA+D;AAE/D,MAAM,UAAU,QAAQ,CACtB,MAAkB,EAClB,QAAgB,EAChB,IAA8B;IAE9B,MAAM,IAAI,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;IAE/D,iCAAiC;IACjC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACjC,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,iCAAiC,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC9D,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;IACpF,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAEhD,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;QACtE,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC;QAC3E,CAAC;QAED,mBAAmB;QACnB,IAAI,UAAU,CAAC,oBAAoB,EAAE,CAAC;YACpC,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC/D,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,UAAU,CAAC,oBAAoB,MAAM,EAAE,CAAC;YAC5G,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG,oBAAoB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACxB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;QACzD,CAAC;QACD,MAAM,aAAa,GAAG,mBAAmB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAC5D,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;YAC3B,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QAC5D,CAAC;QACD,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IAC3E,CAAC;IAED,gBAAgB;IAChB,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACtC,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IACxE,CAAC;IAED,kEAAkE;IAClE,IAAI,UAAU,EAAE,oBAAoB,EAAE,CAAC;QACrC,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC/D,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,UAAU,CAAC,oBAAoB,MAAM,EAAE,CAAC;QAC5G,CAAC;IACH,CAAC;IAED,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;AAC/D,CAAC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/**
|
|
3
|
+
* AGA Governance Proxy - CLI Entry Point
|
|
4
|
+
*
|
|
5
|
+
* Usage:
|
|
6
|
+
* aga-proxy start --upstream "node server.js" # stdio upstream
|
|
7
|
+
* aga-proxy start --upstream-url http://host:port # HTTP upstream
|
|
8
|
+
* aga-proxy start --profile standard # policy profile
|
|
9
|
+
* aga-proxy stop
|
|
10
|
+
* aga-proxy status
|
|
11
|
+
* aga-proxy export --output bundle.json
|
|
12
|
+
* aga-proxy verify bundle.json
|
|
13
|
+
*
|
|
14
|
+
* Patent: USPTO App. No. 19/433,835
|
|
15
|
+
* Copyright (c) 2026 Attested Intelligence Holdings LLC
|
|
16
|
+
* SPDX-License-Identifier: MIT
|
|
17
|
+
*/
|
|
18
|
+
export { GovernanceProxy } from './server.js';
|
|
19
|
+
export { evaluate, resetRateLimits } from './evaluator.js';
|
|
20
|
+
export { PROFILES, PERMISSIVE, STANDARD, RESTRICTIVE } from './profiles.js';
|
|
21
|
+
export type { ToolPolicy, ToolConstraint, ToolCallDecision, ProxyConfig } from './types.js';
|
|
22
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/proxy/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;GAeG;AAsOH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5E,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC"}
|