@attested-intelligence/aga-mcp-server 2.0.0 → 2.1.0
- package/README.md +57 -36
- package/dist/adapters/openclaw.d.ts +43 -0
- package/dist/adapters/openclaw.d.ts.map +1 -0
- package/dist/adapters/openclaw.js +86 -0
- package/dist/adapters/openclaw.js.map +1 -0
- package/dist/core/types.d.ts +0 -1
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/hash.d.ts +1 -1
- package/dist/crypto/hash.d.ts.map +1 -1
- package/dist/crypto/hash.js +1 -1
- package/dist/crypto/hash.js.map +1 -1
- package/dist/prompts/nccoe-demo.d.ts.map +1 -1
- package/dist/prompts/nccoe-demo.js +1 -2
- package/dist/prompts/nccoe-demo.js.map +1 -1
- package/dist/proxy/evaluator.d.ts +14 -0
- package/dist/proxy/evaluator.d.ts.map +1 -0
- package/dist/proxy/evaluator.js +141 -0
- package/dist/proxy/evaluator.js.map +1 -0
- package/dist/proxy/index.d.ts +22 -0
- package/dist/proxy/index.d.ts.map +1 -0
- package/dist/proxy/index.js +230 -0
- package/dist/proxy/index.js.map +1 -0
- package/dist/proxy/profiles.d.ts +16 -0
- package/dist/proxy/profiles.d.ts.map +1 -0
- package/dist/proxy/profiles.js +43 -0
- package/dist/proxy/profiles.js.map +1 -0
- package/dist/proxy/server.d.ts +106 -0
- package/dist/proxy/server.d.ts.map +1 -0
- package/dist/proxy/server.js +389 -0
- package/dist/proxy/server.js.map +1 -0
- package/dist/proxy/stdio-bridge.d.ts +42 -0
- package/dist/proxy/stdio-bridge.d.ts.map +1 -0
- package/dist/proxy/stdio-bridge.js +142 -0
- package/dist/proxy/stdio-bridge.js.map +1 -0
- package/dist/proxy/types.d.ts +36 -0
- package/dist/proxy/types.d.ts.map +1 -0
- package/dist/proxy/types.js +11 -0
- package/dist/proxy/types.js.map +1 -0
- package/dist/proxy/verify.d.ts +29 -0
- package/dist/proxy/verify.d.ts.map +1 -0
- package/dist/proxy/verify.js +183 -0
- package/dist/proxy/verify.js.map +1 -0
- package/dist/resources/cosai-mapping.d.ts +24 -0
- package/dist/resources/cosai-mapping.d.ts.map +1 -0
- package/dist/resources/cosai-mapping.js +127 -0
- package/dist/resources/cosai-mapping.js.map +1 -0
- package/dist/resources/crypto-primitives.d.ts +1 -1
- package/dist/resources/crypto-primitives.d.ts.map +1 -1
- package/dist/resources/crypto-primitives.js +2 -2
- package/dist/resources/specification.d.ts +1 -1
- package/dist/resources/specification.d.ts.map +1 -1
- package/dist/resources/specification.js +59 -5
- package/dist/resources/specification.js.map +1 -1
- package/dist/server.d.ts +1 -2
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +14 -17
- package/dist/server.js.map +1 -1
- package/dist/tools/server-info.d.ts.map +1 -1
- package/dist/tools/server-info.js +0 -1
- package/dist/tools/server-info.js.map +1 -1
- package/dist/types.d.ts +0 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +0 -1
- package/dist/types.js.map +1 -1
- package/package.json +9 -5
- package/PATENTS.md +0 -28
- package/dist/resources/patent-claims.d.ts +0 -3
- package/dist/resources/patent-claims.d.ts.map +0 -1
- package/dist/resources/patent-claims.js +0 -67
- package/dist/resources/patent-claims.js.map +0 -1
|
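--- a/package/dist/proxy/index.js
+++ b/package/dist/proxy/index.js
@@ -0,0 +1,230 @@
+#!/usr/bin/env node
+/**
+* AGA Governance Proxy - CLI Entry Point
+*
+* Usage:
+* aga-proxy start --upstream "node server.js" # stdio upstream
+* aga-proxy start --upstream-url http://host:port # HTTP upstream
+* aga-proxy start --profile standard # policy profile
+* aga-proxy stop
+* aga-proxy status
+* aga-proxy export --output bundle.json
+* aga-proxy verify bundle.json
+*
+* Patent: USPTO App. No. 19/433,835
+* Copyright (c) 2026 Attested Intelligence Holdings LLC
+* SPDX-License-Identifier: MIT
+*/
+import { Command } from 'commander';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { GovernanceProxy } from './server.js';
+import { PROFILES } from './profiles.js';
+const program = new Command();
+let proxy = null;
+function getDataDir() {
+return path.join(os.homedir(), '.aga-proxy');
+}
+function getPidFile() {
+return path.join(getDataDir(), 'proxy.pid');
+}
+program
+.name('aga-proxy')
+.description('AGA Governance Proxy - cryptographic runtime governance for MCP tool calls')
+.version('0.1.0');
+// ── start ────────────────────────────────────────────────────
+program
+.command('start')
+.description('Start the governance proxy')
+.option('-p, --port <port>', 'Proxy port', '18800')
+.option('--upstream <command>', 'Downstream MCP server command (stdio)')
+.option('--upstream-url <url>', 'Downstream MCP server URL (HTTP)')
+.option('--profile <name>', 'Policy profile: permissive, standard, restrictive', 'permissive')
+.option('--policy <path>', 'Custom policy JSON file')
+.action(async (opts) => {
+const port = parseInt(opts.port, 10);
+let policy;
+if (opts.policy) {
+policy = JSON.parse(fs.readFileSync(opts.policy, 'utf-8'));
+}
+else {
+policy = PROFILES[opts.profile] ?? PROFILES.permissive;
+}
+const upstream = opts.upstream ? parseUpstreamCommand(opts.upstream) : undefined;
+proxy = new GovernanceProxy({
+port,
+policy,
+upstream,
+upstreamUrl: opts.upstreamUrl,
+});
+proxy.on('started', ({ port: p }) => {
+console.log(`AGA Governance Proxy started on port ${p}`);
+console.log(`Policy mode: ${policy.mode}`);
+if (opts.upstream)
+console.log(`Upstream (stdio): ${opts.upstream}`);
+if (opts.upstreamUrl)
+console.log(`Upstream (HTTP): ${opts.upstreamUrl}`);
+});
+proxy.on('error', (err) => {
+console.error(`Proxy error: ${err.message}`);
+});
+// Ensure data dir exists
+const dataDir = getDataDir();
+if (!fs.existsSync(dataDir))
+fs.mkdirSync(dataDir, { recursive: true });
+await proxy.start();
+// Write PID file
+fs.writeFileSync(getPidFile(), String(process.pid));
+// Graceful shutdown
+const shutdown = async () => {
+console.log('\nShutting down...');
+if (proxy) {
+await proxy.stop();
+try {
+fs.unlinkSync(getPidFile());
+}
+catch { /* ok */ }
+}
+process.exit(0);
+};
+process.on('SIGINT', shutdown);
+process.on('SIGTERM', shutdown);
+});
+// ── run (foreground, alias for start) ────────────────────────
+program
+.command('run')
+.description('Run proxy in foreground (same as start, Ctrl+C to stop)')
+.option('-p, --port <port>', 'Proxy port', '18800')
+.option('--upstream <command>', 'Downstream MCP server command (stdio)')
+.option('--upstream-url <url>', 'Downstream MCP server URL (HTTP)')
+.option('--profile <name>', 'Policy profile', 'permissive')
+.option('--policy <path>', 'Custom policy JSON file')
+.action(async (opts) => {
+// Delegate to start - identical behavior in Node.js
+await program.commands.find(c => c.name() === 'start').parseAsync(['node', 'aga-proxy', 'start', ...process.argv.slice(3)]);
+});
+// ── stop ─────────────────────────────────────────────────────
+program
+.command('stop')
+.description('Stop the running proxy')
+.action(async () => {
+const pidFile = getPidFile();
+if (!fs.existsSync(pidFile)) {
+console.log('No running proxy found');
+return;
+}
+const pid = parseInt(fs.readFileSync(pidFile, 'utf-8').trim(), 10);
+try {
+process.kill(pid, 'SIGTERM');
+console.log(`Sent SIGTERM to proxy (PID ${pid})`);
+fs.unlinkSync(pidFile);
+}
+catch {
+console.log('Proxy process not found, cleaning up PID file');
+fs.unlinkSync(pidFile);
+}
+});
+// ── status ───────────────────────────────────────────────────
+program
+.command('status')
+.description('Show proxy status')
+.action(async () => {
+if (proxy) {
+console.log(JSON.stringify(proxy.getStatus(), null, 2));
+}
+else {
+const pidFile = getPidFile();
+if (fs.existsSync(pidFile)) {
+const pid = parseInt(fs.readFileSync(pidFile, 'utf-8').trim(), 10);
+try {
+process.kill(pid, 0); // Check if alive
+console.log(JSON.stringify({ running: true, pid }, null, 2));
+}
+catch {
+console.log(JSON.stringify({ running: false, stale_pid: pid }, null, 2));
+}
+}
+else {
+console.log(JSON.stringify({ running: false }, null, 2));
+}
+}
+});
+// ── export ───────────────────────────────────────────────────
+program
+.command('export')
+.description('Export evidence bundle')
+.option('-o, --output <path>', 'Output file', 'evidence-bundle.json')
+.action(async (opts) => {
+if (!proxy) {
+console.error('Proxy not running in this process. Start the proxy first.');
+process.exit(1);
+}
+const bundle = await proxy.exportBundle();
+fs.writeFileSync(opts.output, JSON.stringify(bundle, null, 2));
+console.log(`Evidence bundle exported to ${opts.output}`);
+});
+// ── verify ───────────────────────────────────────────────────
+program
+.command('verify <bundle>')
+.description('Verify an evidence bundle (Ed25519-SHA256-JCS format)')
+.action(async (bundlePath) => {
+const { verifyGatewayBundle } = await import('./verify.js');
+const bundleJson = fs.readFileSync(bundlePath, 'utf-8');
+const result = await verifyGatewayBundle(bundleJson);
+console.log(`Algorithm: ${result.algorithm_valid ? 'PASS' : 'FAIL'}`);
+console.log(`Signatures: ${result.receipt_signatures_valid ? 'PASS' : 'FAIL'} (${result.receipts_checked} receipts)`);
+console.log(`Chain integrity: ${result.chain_integrity_valid ? 'PASS' : 'FAIL'}`);
+console.log(`Merkle proofs: ${result.merkle_proofs_valid ? 'PASS' : 'FAIL'}`);
+console.log(`Consistency: ${result.bundle_consistent ? 'PASS' : 'FAIL'}`);
+console.log(`\nOVERALL: ${result.overall_valid ? 'VERIFIED' : 'FAILED'}`);
+if (result.error)
+console.log(`Error: ${result.error}`);
+process.exit(result.overall_valid ? 0 : 1);
+});
+// ── policy ───────────────────────────────────────────────────
+const policyCmd = program.command('policy').description('Policy management');
+policyCmd
+.command('show')
+.description('Show current policy')
+.action(() => {
+if (!proxy) {
+console.error('Proxy not running in this process.');
+process.exit(1);
+}
+console.log(JSON.stringify(proxy.getStatus(), null, 2));
+});
+policyCmd
+.command('switch <profile>')
+.description('Switch policy profile')
+.action(async (profile) => {
+if (!proxy) {
+console.error('Proxy not running in this process.');
+process.exit(1);
+}
+const newPolicy = PROFILES[profile];
+if (!newPolicy) {
+console.error(`Unknown profile: ${profile}. Available: ${Object.keys(PROFILES).join(', ')}`);
+process.exit(1);
+}
+await proxy.switchPolicy(newPolicy);
+console.log(`Switched to ${profile} profile`);
+});
+// ── helpers ──────────────────────────────────────────────────
+function parseUpstreamCommand(cmd) {
+const parts = cmd.split(/\s+/);
+return { command: parts[0], args: parts.slice(1) };
+}
+// ── main ─────────────────────────────────────────────────────
+export { GovernanceProxy } from './server.js';
+export { evaluate, resetRateLimits } from './evaluator.js';
+export { PROFILES, PERMISSIVE, STANDARD, RESTRICTIVE } from './profiles.js';
+// Only parse CLI if run directly
+const isDirectRun = process.argv[1]?.includes('proxy') || process.argv[1]?.includes('aga-proxy');
+if (isDirectRun) {
+program.parseAsync().catch((err) => {
+console.error(err);
+process.exit(1);
+});
+}
+//# sourceMappingURL=index.js.map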
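Review bot: The `start` action fails open on the profile name: `PROFILES[opts.profile] ?? PROFILES.permissive` turns any unrecognised `--profile` value into the audit_only profile, so a misspelt `restrictive` starts a proxy that, going by that profile's own comment in profiles.js, only logs. `policy switch` further down already rejects unknown names with an error and a non-zero exit; `start` should behave the same way. The plain-object lookup also resolves inherited keys such as `constructor`, which is why the check below tests the profile's own keys rather than truthiness. The `--policy` branch has a related gap: the parsed JSON goes straight into `GovernanceProxy` with no check that `mode` is a supported value, and how the evaluator treats an unknown mode is not visible in this file.

```javascript
.action(async (opts) => {
    // … unchanged: port parsing, --policy file branch …
    else {
        // Fail closed: an unrecognised --profile must not fall back to audit_only.
        if (!Object.keys(PROFILES).includes(opts.profile)) {
            console.error(`Unknown profile: ${opts.profile}. Available: ${Object.keys(PROFILES).join(', ')}`);
            process.exit(1);
        }
        policy = PROFILES[opts.profile];
    }
    // … unchanged: proxy construction, PID file, signal handlers …
```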
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/proxy/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAC9B,IAAI,KAAK,GAA2B,IAAI,CAAC;AAEzC,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,WAAW,CAAC,CAAC;AAC9C,CAAC;AAED,OAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC,4EAA4E,CAAC;KACzF,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,4BAA4B,CAAC;KACzC,MAAM,CAAC,mBAAmB,EAAE,YAAY,EAAE,OAAO,CAAC;KAClD,MAAM,CAAC,sBAAsB,EAAE,uCAAuC,CAAC;KACvE,MAAM,CAAC,sBAAsB,EAAE,kCAAkC,CAAC;KAClE,MAAM,CAAC,kBAAkB,EAAE,mDAAmD,EAAE,YAAY,CAAC;KAC7F,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;KACpD,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACrC,IAAI,MAAkB,CAAC;IAEvB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7D,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC;IACzD,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEjF,KAAK,GAAG,IAAI,eAAe,CAAC;QAC1B,IAAI;QACJ,MAAM;QACN,QAAQ;QACR,WAAW,EAAE,IAAI,CAAC,WAAW;KAC9B,CAAC,CAAC;IAEH,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAoB,EAAE,EAAE;QACpD,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3C,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrE,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,EAAE,CA
AC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;QAC/B,OAAO,CAAC,KAAK,CAAC,gBAAgB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,yBAAyB;IACzB,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAExE,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;IAEpB,iBAAiB;IACjB,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IAEpD,oBAAoB;IACpB,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;YACnB,IAAI,CAAC;gBAAC,EAAE,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,yDAAyD,CAAC;KACtE,MAAM,CAAC,mBAAmB,EAAE,YAAY,EAAE,OAAO,CAAC;KAClD,MAAM,CAAC,sBAAsB,EAAE,uCAAuC,CAAC;KACvE,MAAM,CAAC,sBAAsB,EAAE,kCAAkC,CAAC;KAClE,MAAM,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,YAAY,CAAC;KAC1D,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;KACpD,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,oDAAoD;IACpD,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,OAAO,CAAE,CAAC,UAAU,CAChE,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CACzD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,wBAAwB,CAAC;KACrC,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtC,OAAO;IACT,CAAC;IACD,MAAM,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IACnE,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,8BAA8B,GAAG,GAAG,CAAC,CAAC;QAClD,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CA
AC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,mBAAmB,CAAC;KAChC,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAC7B,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YACnE,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB;gBACvC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC/D,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,wBAAwB,CAAC;KACrC,MAAM,CAAC,qBAAqB,EAAE,aAAa,EAAE,sBAAsB,CAAC;KACpE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,EAAE,CAAC;IAC1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,+BAA+B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,iBAAiB,CAAC;KAC1B,WAAW,CAAC,uDAAuD,CAAC;KACpE,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE;IAC3B,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACxD,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAErD,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,C
AAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,wBAAwB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,gBAAgB,YAAY,CAAC,CAAC;IAC5H,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACnF,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC1E,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IAExD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7C,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAC;AAE7E,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,qBAAqB,CAAC;KAClC,MAAM,CAAC,GAAG,EAAE;IACX,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC1D,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,kBAAkB,CAAC;KAC3B,WAAW,CAAC,uBAAuB,CAAC;KACpC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,gBAAgB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,UAAU,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,SAAS,oBAAoB,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/B,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,gEAAgE;AAEhE,OAAO,
EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5E,iCAAiC;AACjC,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;AACjG,IAAI,WAAW,EAAE,CAAC;IAChB,OAAO,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACjC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
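--- a/package/dist/proxy/profiles.d.ts
+++ b/package/dist/proxy/profiles.d.ts
@@ -0,0 +1,16 @@
+/**
+* AGA Governance Proxy - Built-in Policy Profiles
+*
+* Patent: USPTO App. No. 19/433,835
+* Copyright (c) 2026 Attested Intelligence Holdings LLC
+* SPDX-License-Identifier: MIT
+*/
+import type { ToolPolicy } from './types.js';
+/** All tools permitted, no rate limits, logging only. */
+export declare const PERMISSIVE: ToolPolicy;
+/** All common tools allowed with rate limits. Dangerous patterns denied. */
+export declare const STANDARD: ToolPolicy;
+/** Explicit allowlist only. All unrecognized tools denied. Low rate limits. */
+export declare const RESTRICTIVE: ToolPolicy;
+export declare const PROFILES: Record<string, ToolPolicy>;
+//# sourceMappingURL=profiles.d.ts.map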
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"profiles.d.ts","sourceRoot":"","sources":["../../src/proxy/profiles.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,yDAAyD;AACzD,eAAO,MAAM,UAAU,EAAE,UAGxB,CAAC;AAEF,4EAA4E;AAC5E,eAAO,MAAM,QAAQ,EAAE,UActB,CAAC;AAEF,+EAA+E;AAC/E,eAAO,MAAM,WAAW,EAAE,UAOzB,CAAC;AAEF,eAAO,MAAM,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAI/C,CAAC"}
|
|
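--- a/package/dist/proxy/profiles.js
+++ b/package/dist/proxy/profiles.js
@@ -0,0 +1,43 @@
+/**
+* AGA Governance Proxy - Built-in Policy Profiles
+*
+* Patent: USPTO App. No. 19/433,835
+* Copyright (c) 2026 Attested Intelligence Holdings LLC
+* SPDX-License-Identifier: MIT
+*/
+/** All tools permitted, no rate limits, logging only. */
+export const PERMISSIVE = {
+mode: 'audit_only',
+constraints: {},
+};
+/** All common tools allowed with rate limits. Dangerous patterns denied. */
+export const STANDARD = {
+mode: 'allowlist',
+constraints: {
+filesystem_read: { name: 'filesystem_read', allowed: true, max_calls_per_minute: 30 },
+filesystem_write: { name: 'filesystem_write', allowed: true, max_calls_per_minute: 30, denied_patterns: ['/etc/', '/sys/', '/proc/'] },
+shell_execute: { name: 'shell_execute', allowed: true, max_calls_per_minute: 10, denied_patterns: ['rm -rf', 'mkfs', 'dd if=', ':(){:|:&};:'] },
+web_search: { name: 'web_search', allowed: true, max_calls_per_minute: 20 },
+web_fetch: { name: 'web_fetch', allowed: true, max_calls_per_minute: 20 },
+send_message: { name: 'send_message', allowed: true, max_calls_per_minute: 5 },
+calendar_create: { name: 'calendar_create', allowed: true, max_calls_per_minute: 5 },
+memory_search: { name: 'memory_search', allowed: true, max_calls_per_minute: 30 },
+memory_store: { name: 'memory_store', allowed: true, max_calls_per_minute: 10 },
+code_execute: { name: 'code_execute', allowed: true, max_calls_per_minute: 10 },
+},
+};
+/** Explicit allowlist only. All unrecognized tools denied. Low rate limits. */
+export const RESTRICTIVE = {
+mode: 'allowlist',
+constraints: {
+filesystem_read: { name: 'filesystem_read', allowed: true, max_calls_per_minute: 10, path_prefix: '/home' },
+web_search: { name: 'web_search', allowed: true, max_calls_per_minute: 5 },
+memory_search: { name: 'memory_search', allowed: true, max_calls_per_minute: 10 },
+},
+};
+export const PROFILES = {
+permissive: PERMISSIVE,
+standard: STANDARD,
+restrictive: RESTRICTIVE,
+};
+//# sourceMappingURL=profiles.js.map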
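Review bot: The comment on STANDARD promises "Dangerous patterns denied", but the `denied_patterns` lists on `shell_execute` and `filesystem_write` are a handful of literal strings, and `filesystem_read` and `code_execute` carry no pattern or path constraint at all. How the evaluator matches these entries is outside this file; if it is a literal substring test, the same operation written with different spacing or flag order, or a path that is not already normalised, would not match, so the lists catch accidents rather than contain a tool. I would reword the comment to say so, e.g. `/** Common tools allowed with rate limits; denied_patterns are best-effort literal matches, not a sandbox. */`. RESTRICTIVE deserves a similar comment on `path_prefix: '/home'` stating that the prefix has to be compared against a resolved path and end on a separator boundary.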
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../src/proxy/profiles.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,yDAAyD;AACzD,MAAM,CAAC,MAAM,UAAU,GAAe;IACpC,IAAI,EAAE,YAAY;IAClB,WAAW,EAAE,EAAE;CAChB,CAAC;AAEF,4EAA4E;AAC5E,MAAM,CAAC,MAAM,QAAQ,GAAe;IAClC,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE;QACX,eAAe,EAAI,EAAE,IAAI,EAAE,iBAAiB,EAAI,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE;QACzF,gBAAgB,EAAG,EAAE,IAAI,EAAE,kBAAkB,EAAG,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE;QACxI,aAAa,EAAM,EAAE,IAAI,EAAE,eAAe,EAAM,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,EAAE;QACvJ,UAAU,EAAS,EAAE,IAAI,EAAE,YAAY,EAAS,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE;QACzF,SAAS,EAAU,EAAE,IAAI,EAAE,WAAW,EAAU,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE;QACzF,YAAY,EAAO,EAAE,IAAI,EAAE,cAAc,EAAO,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,CAAC,EAAE;QACxF,eAAe,EAAI,EAAE,IAAI,EAAE,iBAAiB,EAAI,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,CAAC,EAAE;QACxF,aAAa,EAAM,EAAE,IAAI,EAAE,eAAe,EAAM,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE;QACzF,YAAY,EAAO,EAAE,IAAI,EAAE,cAAc,EAAO,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE;QACzF,YAAY,EAAO,EAAE,IAAI,EAAE,cAAc,EAAO,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE;KAC1F;CACF,CAAC;AAEF,+EAA+E;AAC/E,MAAM,CAAC,MAAM,WAAW,GAAe;IACrC,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE;QACX,eAAe,EAAG,EAAE,IAAI,EAAE,iBAAiB,EAAG,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE;QAC7G,UAAU,EAAQ,EAAE,IAAI,EAAE,YAAY,EAAQ,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,CAAC,EAAE;QACtF,aAAa,EAAK,EAAE,IAAI,EAAE,eAAe,EAAK,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE;KACxF;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAA+B;IAClD,UAAU,EAAE,UAAU;IACtB,QAAQ,EAAE,QAAQ;IAClB,WAAW,EAAE,WAAW;CACzB,CAAC"}
|
|
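--- a/package/dist/proxy/server.d.ts
+++ b/package/dist/proxy/server.d.ts
@@ -0,0 +1,106 @@
+/**
+* AGA Governance Proxy Server
+* TCP proxy that intercepts MCP JSON-RPC 2.0 tool calls,
+* evaluates them against a sealed policy, and produces
+* Ed25519-signed governance receipts.
+*
+* Receipt format: Ed25519-SHA256-JCS (canonical across TS gateway,
+* Python SDK, Go CLI, and browser verifier).
+*
+* Architecture: Client → Proxy (:18800) → Downstream MCP Server
+* The proxy holds ALL signing keys. The client holds NONE.
+*
+* Patent: USPTO App. No. 19/433,835
+* Copyright (c) 2026 Attested Intelligence Holdings LLC
+* SPDX-License-Identifier: MIT
+*/
+import { EventEmitter } from 'node:events';
+import { type StdioBridgeOptions } from './stdio-bridge.js';
+import type { ToolPolicy } from './types.js';
+export interface GovernanceReceipt {
+receipt_id: string;
+receipt_version: string;
+algorithm: string;
+timestamp: string;
+request_id: string | number | null;
+method: string;
+tool_name: string;
+decision: 'PERMITTED' | 'DENIED';
+reason: string;
+policy_reference: string;
+arguments_hash: string;
+previous_receipt_hash: string;
+gateway_id: string;
+signature: string;
+public_key: string;
+}
+export interface EvidenceBundle {
+schema_version: string;
+bundle_id: string;
+algorithm: string;
+generated_at: string;
+gateway_id: string;
+public_key: string;
+policy_reference: string;
+receipts: GovernanceReceipt[];
+merkle_root: string;
+merkle_proofs: MerkleProof[];
+offline_capable: boolean;
+}
+export interface MerkleProof {
+leaf_hash: string;
+leaf_index: number;
+siblings: string[];
+directions: ('left' | 'right')[];
+merkle_root: string;
+}
+export interface ProxyServerOptions {
+port?: number;
+policy?: ToolPolicy;
+upstream?: StdioBridgeOptions;
+upstreamUrl?: string;
+gatewayId?: string;
+}
+export declare class GovernanceProxy extends EventEmitter {
+private server;
+private bridge;
+private signingKP;
+private policy;
+private port;
+private started;
+private upstreamOptions;
+private upstreamUrl;
+private gatewayId;
+private receipts;
+private lastReceiptHash;
+private policyHash;
+private stats;
+constructor(options?: ProxyServerOptions);
+start(): Promise<void>;
+stop(): Promise<void>;
+private handleConnection;
+private handleMessage;
+private interceptToolCall;
+private generateReceipt;
+private merkleNodeHash;
+private computeMerkleRoot;
+private computeMerkleProof;
+private forwardHttp;
+private respond;
+switchPolicy(newPolicy: ToolPolicy): Promise<void>;
+exportBundle(): EvidenceBundle;
+getStatus(): {
+public_key: string;
+permitted: number;
+denied: number;
+total: number;
+started_at: string;
+running: boolean;
+port: number;
+policy_mode: "allowlist" | "denylist" | "audit_only";
+receipt_count: number;
+};
+getPublicKey(): string;
+getReceipts(): GovernanceReceipt[];
+}
+//# sourceMappingURL=server.d.ts.map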
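Review bot: `GovernanceReceipt` and `EvidenceBundle` both carry the signer's `public_key` inside the artefact being verified, and nothing in these declarations says where a verifier gets the key it is supposed to trust. The `verify <bundle>` command in index.js passes only the bundle JSON to `verifyGatewayBundle` (verify.js is not shown here), so as far as this diff shows a PASS establishes that the bundle is internally consistent, not that a particular gateway produced it. I would add a doc comment on both fields, e.g. `/** Signer key as claimed by the bundle; compare it with a key pinned out of band before trusting a verification result. */`. A short comment on `private signingKP` would also help: TypeScript `private` is erased at compile time, so the key pair is reachable by any code running in the proxy's process.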
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/proxy/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAO3C,OAAO,EAAe,KAAK,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAIzE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAK7C,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,WAAW,GAAG,QAAQ,CAAC;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;IACvB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,WAAW,EAAE,CAAC;IAC7B,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,EAAE,CAAC,MAAM,GAAG,OAAO,CAAC,EAAE,CAAC;IACjC,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,eAAgB,SAAQ,YAAY;IAC/C,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,MAAM,CAA4B;IAG1C,OAAO,CAAC,SAAS,CAAU;IAG3B,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,eAAe,CAA4B;IACnD,OAAO,CAAC,WAAW,CAAgB;IACnC,OAAO,CAAC,SAAS,CAAS;IAG1B,OAAO,CAAC,QAAQ,CAA2B;IAC3C,OAAO,CAAC,eAAe,CAAc;IACrC,OAAO,CAAC,UAAU,CAAc;IAGhC,OAAO,CAAC,KAAK,CAAyD;gBAE1D,OAAO,GAAE,kBAAuB;IAYtC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA4BtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB3B,OAAO,CAAC,gBAAgB;YAoBV,aAAa;YAgDb,iBAAiB;IAiF/B,OAAO,CAAC,eAAe;IA6CvB,OAAO,CAAC,cAAc;IAStB,OAAO,CAAC,iBAA
iB;IAkBzB,OAAO,CAAC,kBAAkB;YAuCZ,WAAW;IAoBzB,OAAO,CAAC,OAAO;IAQT,YAAY,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAOxD,YAAY,IAAI,cAAc;IAsB9B,SAAS;;;;;;;;;;;IAWT,YAAY,IAAI,MAAM;IACtB,WAAW,IAAI,iBAAiB,EAAE;CACnC"}
|