@attested-intelligence/aga-mcp-server 2.0.1 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/openclaw.d.ts +43 -0
- package/dist/adapters/openclaw.d.ts.map +1 -0
- package/dist/adapters/openclaw.js +86 -0
- package/dist/adapters/openclaw.js.map +1 -0
- package/dist/proxy/evaluator.d.ts +14 -0
- package/dist/proxy/evaluator.d.ts.map +1 -0
- package/dist/proxy/evaluator.js +141 -0
- package/dist/proxy/evaluator.js.map +1 -0
- package/dist/proxy/index.d.ts +22 -0
- package/dist/proxy/index.d.ts.map +1 -0
- package/dist/proxy/index.js +230 -0
- package/dist/proxy/index.js.map +1 -0
- package/dist/proxy/profiles.d.ts +16 -0
- package/dist/proxy/profiles.d.ts.map +1 -0
- package/dist/proxy/profiles.js +43 -0
- package/dist/proxy/profiles.js.map +1 -0
- package/dist/proxy/server.d.ts +106 -0
- package/dist/proxy/server.d.ts.map +1 -0
- package/dist/proxy/server.js +389 -0
- package/dist/proxy/server.js.map +1 -0
- package/dist/proxy/stdio-bridge.d.ts +42 -0
- package/dist/proxy/stdio-bridge.d.ts.map +1 -0
- package/dist/proxy/stdio-bridge.js +142 -0
- package/dist/proxy/stdio-bridge.js.map +1 -0
- package/dist/proxy/types.d.ts +36 -0
- package/dist/proxy/types.d.ts.map +1 -0
- package/dist/proxy/types.js +11 -0
- package/dist/proxy/types.js.map +1 -0
- package/dist/proxy/verify.d.ts +29 -0
- package/dist/proxy/verify.d.ts.map +1 -0
- package/dist/proxy/verify.js +183 -0
- package/dist/proxy/verify.js.map +1 -0
- package/package.json +8 -3
|
@@ -0,0 +1,142 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AGA Governance Proxy - Stdio Bridge
|
|
3
|
+
* Spawns a downstream MCP server as a child process and manages
|
|
4
|
+
* JSON-RPC message framing over stdin/stdout.
|
|
5
|
+
*
|
|
6
|
+
* Patent: USPTO App. No. 19/433,835
|
|
7
|
+
* Copyright (c) 2026 Attested Intelligence Holdings LLC
|
|
8
|
+
* SPDX-License-Identifier: MIT
|
|
9
|
+
*/
|
|
10
|
+
import { spawn } from 'node:child_process';
|
|
11
|
+
import { EventEmitter } from 'node:events';
|
|
12
|
+
/**
|
|
13
|
+
* Bridges JSON-RPC messages to/from a child process via stdio.
|
|
14
|
+
* Handles newline-delimited JSON framing.
|
|
15
|
+
*/
|
|
16
|
+
export class StdioBridge extends EventEmitter {
|
|
17
|
+
options;
|
|
18
|
+
child = null;
|
|
19
|
+
buffer = '';
|
|
20
|
+
pendingRequests = new Map();
|
|
21
|
+
constructor(options) {
|
|
22
|
+
super();
|
|
23
|
+
this.options = options;
|
|
24
|
+
}
|
|
25
|
+
async start() {
|
|
26
|
+
const { command, args = [], env, cwd } = this.options;
|
|
27
|
+
this.child = spawn(command, args, {
|
|
28
|
+
stdio: ['pipe', 'pipe', 'pipe'],
|
|
29
|
+
env: { ...process.env, ...env },
|
|
30
|
+
cwd,
|
|
31
|
+
shell: process.platform === 'win32',
|
|
32
|
+
});
|
|
33
|
+
this.child.stdout.on('data', (chunk) => {
|
|
34
|
+
this.buffer += chunk.toString();
|
|
35
|
+
this.processBuffer();
|
|
36
|
+
});
|
|
37
|
+
this.child.stderr.on('data', (chunk) => {
|
|
38
|
+
// Log downstream stderr but don't treat as JSON-RPC
|
|
39
|
+
process.stderr.write(`[downstream] ${chunk.toString()}`);
|
|
40
|
+
});
|
|
41
|
+
this.child.on('exit', (code, signal) => {
|
|
42
|
+
this.emit('exit', code, signal);
|
|
43
|
+
this.rejectAllPending(new Error(`Downstream process exited: code=${code} signal=${signal}`));
|
|
44
|
+
});
|
|
45
|
+
this.child.on('error', (err) => {
|
|
46
|
+
this.emit('error', err);
|
|
47
|
+
this.rejectAllPending(err);
|
|
48
|
+
});
|
|
49
|
+
}
|
|
50
|
+
processBuffer() {
|
|
51
|
+
const lines = this.buffer.split('\n');
|
|
52
|
+
// Keep the last (possibly incomplete) line in the buffer
|
|
53
|
+
this.buffer = lines.pop() || '';
|
|
54
|
+
for (const line of lines) {
|
|
55
|
+
const trimmed = line.trim();
|
|
56
|
+
if (!trimmed)
|
|
57
|
+
continue;
|
|
58
|
+
try {
|
|
59
|
+
const msg = JSON.parse(trimmed);
|
|
60
|
+
this.handleMessage(msg);
|
|
61
|
+
}
|
|
62
|
+
catch {
|
|
63
|
+
// Not valid JSON - skip
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
handleMessage(msg) {
|
|
68
|
+
// If it has an id and either result or error, it's a response
|
|
69
|
+
if ('id' in msg && ('result' in msg || 'error' in msg)) {
|
|
70
|
+
const id = msg.id;
|
|
71
|
+
const pending = this.pendingRequests.get(id);
|
|
72
|
+
if (pending) {
|
|
73
|
+
clearTimeout(pending.timer);
|
|
74
|
+
this.pendingRequests.delete(id);
|
|
75
|
+
pending.resolve(msg);
|
|
76
|
+
}
|
|
77
|
+
return;
|
|
78
|
+
}
|
|
79
|
+
// Notifications from downstream (no id, or has method) - emit for proxy to handle
|
|
80
|
+
this.emit('notification', msg);
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* Send a JSON-RPC request to the downstream server and wait for a response.
|
|
84
|
+
*/
|
|
85
|
+
async send(message, timeoutMs = 30_000) {
|
|
86
|
+
if (!this.child?.stdin?.writable) {
|
|
87
|
+
throw new Error('Downstream process not running');
|
|
88
|
+
}
|
|
89
|
+
const id = message.id;
|
|
90
|
+
// Notifications (no id) - fire and forget
|
|
91
|
+
if (id === undefined || id === null) {
|
|
92
|
+
this.child.stdin.write(JSON.stringify(message) + '\n');
|
|
93
|
+
return { jsonrpc: '2.0', result: null, id: null };
|
|
94
|
+
}
|
|
95
|
+
return new Promise((resolve, reject) => {
|
|
96
|
+
const timer = setTimeout(() => {
|
|
97
|
+
this.pendingRequests.delete(id);
|
|
98
|
+
reject(new Error(`Timeout waiting for response to request ${id}`));
|
|
99
|
+
}, timeoutMs);
|
|
100
|
+
this.pendingRequests.set(id, { resolve, reject, timer });
|
|
101
|
+
this.child.stdin.write(JSON.stringify(message) + '\n');
|
|
102
|
+
});
|
|
103
|
+
}
|
|
104
|
+
/**
|
|
105
|
+
* Send a raw message without waiting for a response.
|
|
106
|
+
*/
|
|
107
|
+
sendRaw(message) {
|
|
108
|
+
if (!this.child?.stdin?.writable) {
|
|
109
|
+
throw new Error('Downstream process not running');
|
|
110
|
+
}
|
|
111
|
+
this.child.stdin.write(JSON.stringify(message) + '\n');
|
|
112
|
+
}
|
|
113
|
+
async stop() {
|
|
114
|
+
this.rejectAllPending(new Error('Bridge stopped'));
|
|
115
|
+
if (this.child) {
|
|
116
|
+
this.child.kill('SIGTERM');
|
|
117
|
+
// Give it a moment, then force kill
|
|
118
|
+
await new Promise(resolve => {
|
|
119
|
+
const timer = setTimeout(() => {
|
|
120
|
+
this.child?.kill('SIGKILL');
|
|
121
|
+
resolve();
|
|
122
|
+
}, 3000);
|
|
123
|
+
this.child.on('exit', () => {
|
|
124
|
+
clearTimeout(timer);
|
|
125
|
+
resolve();
|
|
126
|
+
});
|
|
127
|
+
});
|
|
128
|
+
this.child = null;
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
get running() {
|
|
132
|
+
return this.child !== null && this.child.exitCode === null;
|
|
133
|
+
}
|
|
134
|
+
rejectAllPending(err) {
|
|
135
|
+
for (const [id, pending] of this.pendingRequests) {
|
|
136
|
+
clearTimeout(pending.timer);
|
|
137
|
+
pending.reject(err);
|
|
138
|
+
}
|
|
139
|
+
this.pendingRequests.clear();
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
//# sourceMappingURL=stdio-bridge.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"stdio-bridge.js","sourceRoot":"","sources":["../../src/proxy/stdio-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAS3C;;;GAGG;AACH,MAAM,OAAO,WAAY,SAAQ,YAAY;IASvB;IARZ,KAAK,GAAwB,IAAI,CAAC;IAClC,MAAM,GAAG,EAAE,CAAC;IACZ,eAAe,GAAG,IAAI,GAAG,EAI7B,CAAC;IAEL,YAAoB,OAA2B;QAC7C,KAAK,EAAE,CAAC;QADU,YAAO,GAAP,OAAO,CAAoB;IAE/C,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAEtD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;YAChC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE;YAC/B,GAAG;YACH,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC9C,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAChC,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC9C,oDAAoD;YACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YAChC,IAAI,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,mCAAmC,IAAI,WAAW,MAAM,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YAC7B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACxB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa;QACnB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,yDAAyD;QACzD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;gBAC3D,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,GAA4B;QAChD,8DAA8D;QAC9D,IAAI,IAAI,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,GAAG,IAAI,OAAO,IAAI,GAAG,CAAC,EAAE,CAAC;YACvD,MAAM,EAAE,GAAG,GAAG,CAAC,EAAqB,CAAC;YACrC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7C,IAAI,OAAO,EAAE,CAAC;gBACZ,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC5B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAChC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;YACD,OAAO;QACT,CAAC;QAED,kFAAkF;QAClF,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAgC,EAAE,SAAS,GAAG,MAAM;QAC7D,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,EAAE,GAAG,OAAO,CAAC,EAAiC,CAAC;QAErD,0CAA0C;QAC1C,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;YACvD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACpD,CAAC;QAED,OAAO,IAAI,OAAO,CAA0B,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC9D,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAChC,MAAM,CAAC,IAAI,KAAK,CAAC,2CAA2C,EAAE,EAAE,CAAC,CAAC,CAAC;YACrE,CAAC,EAAE,SAAS,CAAC,CAAC;YAEd,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACzD,IAAI,CAAC,KAAM,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,OAAgC;QACtC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC3B,oCAAoC;YACpC,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE;gBAChC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;oBAC5B,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;oBAC5B,OAAO,EAAE,CAAC;gBACZ,CAAC,EAAE,IAAI,CAAC,CAAC;gBACT,IAAI,CAAC,KAAM,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;oBAC1B,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,KAAK,KAAK,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,KAAK,IAAI,CAAC;IAC7D,CAAC;IAEO,gBAAgB,CAAC,GAAU;QACjC,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACjD,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC5B,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACtB,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;IAC/B,CAAC;CACF"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AGA Governance Proxy - Types
|
|
3
|
+
* Adapted from aga-mcp-gateway/src/governance/types.ts
|
|
4
|
+
*
|
|
5
|
+
* Patent: USPTO App. No. 19/433,835
|
|
6
|
+
* Copyright (c) 2026 Attested Intelligence Holdings LLC
|
|
7
|
+
* SPDX-License-Identifier: MIT
|
|
8
|
+
*/
|
|
9
|
+
export interface ToolConstraint {
|
|
10
|
+
name: string;
|
|
11
|
+
allowed: boolean;
|
|
12
|
+
max_calls_per_minute?: number;
|
|
13
|
+
path_prefix?: string;
|
|
14
|
+
path_keys?: string[];
|
|
15
|
+
denied_patterns?: string[];
|
|
16
|
+
}
|
|
17
|
+
export interface ToolPolicy {
|
|
18
|
+
mode: 'allowlist' | 'denylist' | 'audit_only';
|
|
19
|
+
constraints: Record<string, ToolConstraint>;
|
|
20
|
+
}
|
|
21
|
+
export interface ToolCallDecision {
|
|
22
|
+
allowed: boolean;
|
|
23
|
+
reason: string;
|
|
24
|
+
tool_name: string;
|
|
25
|
+
policy_mode: string;
|
|
26
|
+
}
|
|
27
|
+
export interface ProxyConfig {
|
|
28
|
+
port: number;
|
|
29
|
+
upstream: string;
|
|
30
|
+
upstreamType: 'stdio' | 'http';
|
|
31
|
+
policy: ToolPolicy;
|
|
32
|
+
dataDir: string;
|
|
33
|
+
}
|
|
34
|
+
export declare const DEFAULT_PROXY_PORT = 18800;
|
|
35
|
+
export declare const DEFAULT_DATA_DIR = ".aga-proxy";
|
|
36
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/proxy/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,WAAW,GAAG,UAAU,GAAG,YAAY,CAAC;IAC9C,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAC7C;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,OAAO,GAAG,MAAM,CAAC;IAC/B,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,eAAO,MAAM,kBAAkB,QAAQ,CAAC;AACxC,eAAO,MAAM,gBAAgB,eAAe,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AGA Governance Proxy - Types
|
|
3
|
+
* Adapted from aga-mcp-gateway/src/governance/types.ts
|
|
4
|
+
*
|
|
5
|
+
* Patent: USPTO App. No. 19/433,835
|
|
6
|
+
* Copyright (c) 2026 Attested Intelligence Holdings LLC
|
|
7
|
+
* SPDX-License-Identifier: MIT
|
|
8
|
+
*/
|
|
9
|
+
export const DEFAULT_PROXY_PORT = 18800;
|
|
10
|
+
export const DEFAULT_DATA_DIR = '.aga-proxy';
|
|
11
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/proxy/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA+BH,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,CAAC;AACxC,MAAM,CAAC,MAAM,gBAAgB,GAAG,YAAY,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AGA Gateway Bundle Verifier
|
|
3
|
+
* Verifies Ed25519-SHA256-JCS evidence bundles.
|
|
4
|
+
* Uses ONLY @noble crypto - zero imports from ../core/ or ../crypto/.
|
|
5
|
+
*
|
|
6
|
+
* 5-step verification matching gateway, Python SDK, and browser verifier:
|
|
7
|
+
* 1. Algorithm check
|
|
8
|
+
* 2. Receipt signature verification
|
|
9
|
+
* 3. Chain integrity (previous_receipt_hash linkage)
|
|
10
|
+
* 4. Merkle inclusion proofs
|
|
11
|
+
* 5. Bundle consistency (leaf hashes match receipts)
|
|
12
|
+
*
|
|
13
|
+
* Patent: USPTO App. No. 19/433,835
|
|
14
|
+
* Copyright (c) 2026 Attested Intelligence Holdings LLC
|
|
15
|
+
* SPDX-License-Identifier: MIT
|
|
16
|
+
*/
|
|
17
|
+
export interface GatewayVerificationResult {
|
|
18
|
+
algorithm_valid: boolean;
|
|
19
|
+
receipt_signatures_valid: boolean;
|
|
20
|
+
chain_integrity_valid: boolean;
|
|
21
|
+
merkle_proofs_valid: boolean;
|
|
22
|
+
bundle_consistent: boolean;
|
|
23
|
+
overall_valid: boolean;
|
|
24
|
+
receipts_checked: number;
|
|
25
|
+
algorithm: string;
|
|
26
|
+
error?: string;
|
|
27
|
+
}
|
|
28
|
+
export declare function verifyGatewayBundle(bundleJson: string): Promise<GatewayVerificationResult>;
|
|
29
|
+
//# sourceMappingURL=verify.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/proxy/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAiDH,MAAM,WAAW,yBAAyB;IACxC,eAAe,EAAE,OAAO,CAAC;IACzB,wBAAwB,EAAE,OAAO,CAAC;IAClC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID,wBAAsB,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC,CA2HhG"}
|
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AGA Gateway Bundle Verifier
|
|
3
|
+
* Verifies Ed25519-SHA256-JCS evidence bundles.
|
|
4
|
+
* Uses ONLY @noble crypto - zero imports from ../core/ or ../crypto/.
|
|
5
|
+
*
|
|
6
|
+
* 5-step verification matching gateway, Python SDK, and browser verifier:
|
|
7
|
+
* 1. Algorithm check
|
|
8
|
+
* 2. Receipt signature verification
|
|
9
|
+
* 3. Chain integrity (previous_receipt_hash linkage)
|
|
10
|
+
* 4. Merkle inclusion proofs
|
|
11
|
+
* 5. Bundle consistency (leaf hashes match receipts)
|
|
12
|
+
*
|
|
13
|
+
* Patent: USPTO App. No. 19/433,835
|
|
14
|
+
* Copyright (c) 2026 Attested Intelligence Holdings LLC
|
|
15
|
+
* SPDX-License-Identifier: MIT
|
|
16
|
+
*/
|
|
17
|
+
import * as ed from '@noble/ed25519';
|
|
18
|
+
import { sha512 } from '@noble/hashes/sha512';
|
|
19
|
+
import { sha256 } from '@noble/hashes/sha256';
|
|
20
|
+
import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
|
|
21
|
+
// Ed25519 setup
|
|
22
|
+
ed.etc.sha512Sync = (...m) => {
|
|
23
|
+
const total = m.reduce((n, a) => n + a.length, 0);
|
|
24
|
+
const buf = new Uint8Array(total);
|
|
25
|
+
let off = 0;
|
|
26
|
+
for (const a of m) {
|
|
27
|
+
buf.set(a, off);
|
|
28
|
+
off += a.length;
|
|
29
|
+
}
|
|
30
|
+
return sha512(buf);
|
|
31
|
+
};
|
|
32
|
+
const enc = new TextEncoder();
|
|
33
|
+
// ── RFC 8785 Canonicalization ────────────────────────────────
|
|
34
|
+
function deepSortKeys(obj) {
|
|
35
|
+
if (obj === null || obj === undefined || typeof obj !== 'object')
|
|
36
|
+
return obj;
|
|
37
|
+
if (Array.isArray(obj))
|
|
38
|
+
return obj.map(deepSortKeys);
|
|
39
|
+
const sorted = {};
|
|
40
|
+
for (const key of Object.keys(obj).sort()) {
|
|
41
|
+
sorted[key] = deepSortKeys(obj[key]);
|
|
42
|
+
}
|
|
43
|
+
return sorted;
|
|
44
|
+
}
|
|
45
|
+
function canonicalize(obj) {
|
|
46
|
+
return JSON.stringify(deepSortKeys(obj));
|
|
47
|
+
}
|
|
48
|
+
function sha256Hex(data) {
|
|
49
|
+
return bytesToHex(sha256(enc.encode(data)));
|
|
50
|
+
}
|
|
51
|
+
function merkleNodeHash(leftHex, rightHex) {
|
|
52
|
+
const left = hexToBytes(leftHex);
|
|
53
|
+
const right = hexToBytes(rightHex);
|
|
54
|
+
const combined = new Uint8Array(left.length + right.length);
|
|
55
|
+
combined.set(left, 0);
|
|
56
|
+
combined.set(right, left.length);
|
|
57
|
+
return bytesToHex(sha256(combined));
|
|
58
|
+
}
|
|
59
|
+
// ── 5-step verification ─────────────────────────────────────
|
|
60
|
+
export async function verifyGatewayBundle(bundleJson) {
|
|
61
|
+
let bundle;
|
|
62
|
+
try {
|
|
63
|
+
bundle = JSON.parse(bundleJson);
|
|
64
|
+
}
|
|
65
|
+
catch {
|
|
66
|
+
return {
|
|
67
|
+
algorithm_valid: false, receipt_signatures_valid: false,
|
|
68
|
+
chain_integrity_valid: false, merkle_proofs_valid: false,
|
|
69
|
+
bundle_consistent: false, overall_valid: false,
|
|
70
|
+
receipts_checked: 0, algorithm: '', error: 'Invalid JSON',
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
const result = {
|
|
74
|
+
algorithm_valid: false, receipt_signatures_valid: false,
|
|
75
|
+
chain_integrity_valid: false, merkle_proofs_valid: false,
|
|
76
|
+
bundle_consistent: false, overall_valid: false,
|
|
77
|
+
receipts_checked: bundle.receipts?.length ?? 0,
|
|
78
|
+
algorithm: bundle.algorithm ?? '',
|
|
79
|
+
};
|
|
80
|
+
// Step 1: Algorithm
|
|
81
|
+
if (bundle.algorithm !== 'Ed25519-SHA256-JCS') {
|
|
82
|
+
result.error = `unsupported algorithm: ${bundle.algorithm}`;
|
|
83
|
+
return result;
|
|
84
|
+
}
|
|
85
|
+
for (const r of bundle.receipts) {
|
|
86
|
+
if (r.algorithm !== 'Ed25519-SHA256-JCS') {
|
|
87
|
+
result.error = `receipt has wrong algorithm: ${r.algorithm}`;
|
|
88
|
+
return result;
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
result.algorithm_valid = true;
|
|
92
|
+
// Step 2: Receipt signatures
|
|
93
|
+
try {
|
|
94
|
+
for (const receipt of bundle.receipts) {
|
|
95
|
+
const { signature, ...unsigned } = receipt;
|
|
96
|
+
const canonical = canonicalize(unsigned);
|
|
97
|
+
const sig = hexToBytes(signature);
|
|
98
|
+
const pk = hexToBytes(receipt.public_key);
|
|
99
|
+
if (!ed.verify(sig, enc.encode(canonical), pk)) {
|
|
100
|
+
result.error = `Receipt ${receipt.receipt_id} signature failed`;
|
|
101
|
+
return result;
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
result.receipt_signatures_valid = true;
|
|
105
|
+
}
|
|
106
|
+
catch (e) {
|
|
107
|
+
result.error = `signature verification error: ${e}`;
|
|
108
|
+
return result;
|
|
109
|
+
}
|
|
110
|
+
// Step 3: Chain integrity
|
|
111
|
+
try {
|
|
112
|
+
const receipts = bundle.receipts;
|
|
113
|
+
if (receipts.length > 0 && receipts[0].previous_receipt_hash !== '') {
|
|
114
|
+
result.error = 'First receipt previous_receipt_hash must be empty';
|
|
115
|
+
return result;
|
|
116
|
+
}
|
|
117
|
+
for (let i = 1; i < receipts.length; i++) {
|
|
118
|
+
const expectedHash = sha256Hex(canonicalize(receipts[i - 1]));
|
|
119
|
+
if (receipts[i].previous_receipt_hash !== expectedHash) {
|
|
120
|
+
result.error = `Chain break at receipt ${i}`;
|
|
121
|
+
return result;
|
|
122
|
+
}
|
|
123
|
+
}
|
|
124
|
+
result.chain_integrity_valid = true;
|
|
125
|
+
}
|
|
126
|
+
catch (e) {
|
|
127
|
+
result.error = `chain integrity error: ${e}`;
|
|
128
|
+
return result;
|
|
129
|
+
}
|
|
130
|
+
// Step 4: Merkle proofs
|
|
131
|
+
try {
|
|
132
|
+
for (const proof of bundle.merkle_proofs) {
|
|
133
|
+
let currentHash = proof.leaf_hash;
|
|
134
|
+
for (let i = 0; i < proof.siblings.length; i++) {
|
|
135
|
+
if (proof.directions[i] === 'left') {
|
|
136
|
+
currentHash = merkleNodeHash(proof.siblings[i], currentHash);
|
|
137
|
+
}
|
|
138
|
+
else {
|
|
139
|
+
currentHash = merkleNodeHash(currentHash, proof.siblings[i]);
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
if (currentHash !== bundle.merkle_root) {
|
|
143
|
+
result.error = `Merkle proof failed for leaf ${proof.leaf_index}`;
|
|
144
|
+
return result;
|
|
145
|
+
}
|
|
146
|
+
if (proof.merkle_root !== bundle.merkle_root) {
|
|
147
|
+
result.error = `Proof root mismatch at leaf ${proof.leaf_index}`;
|
|
148
|
+
return result;
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
result.merkle_proofs_valid = true;
|
|
152
|
+
}
|
|
153
|
+
catch (e) {
|
|
154
|
+
result.error = `merkle proof error: ${e}`;
|
|
155
|
+
return result;
|
|
156
|
+
}
|
|
157
|
+
// Step 5: Bundle consistency
|
|
158
|
+
try {
|
|
159
|
+
if (bundle.merkle_proofs.length !== bundle.receipts.length) {
|
|
160
|
+
result.error = 'Proof count != receipt count';
|
|
161
|
+
return result;
|
|
162
|
+
}
|
|
163
|
+
for (let i = 0; i < bundle.receipts.length; i++) {
|
|
164
|
+
const leafHash = sha256Hex(canonicalize(bundle.receipts[i]));
|
|
165
|
+
if (bundle.merkle_proofs[i].leaf_hash !== leafHash) {
|
|
166
|
+
result.error = `Leaf hash mismatch at receipt ${i}`;
|
|
167
|
+
return result;
|
|
168
|
+
}
|
|
169
|
+
if (bundle.merkle_proofs[i].leaf_index !== i) {
|
|
170
|
+
result.error = `Leaf index mismatch at receipt ${i}`;
|
|
171
|
+
return result;
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
result.bundle_consistent = true;
|
|
175
|
+
}
|
|
176
|
+
catch (e) {
|
|
177
|
+
result.error = `consistency error: ${e}`;
|
|
178
|
+
return result;
|
|
179
|
+
}
|
|
180
|
+
result.overall_valid = true;
|
|
181
|
+
return result;
|
|
182
|
+
}
|
|
183
|
+
//# sourceMappingURL=verify.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/proxy/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAE7D,gBAAgB;AAChB,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE;IACzC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAAC,CAAC;IACxD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,gEAAgE;AAEhE,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,GAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5D,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACtB,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACjC,OAAO,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AACtC,CAAC;AAgBD,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,UAAkB;IAC1D,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,eAAe,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK;YACvD,qBAAqB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;YACxD,iBAAiB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;YAC9C,gBAAgB,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,cAAc;SAC1D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAA8B;QACxC,eAAe,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK;QACvD,qBAAqB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;QACxD,iBAAiB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;QAC9C,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,EAAE;KAClC,CAAC;IAEF,oBAAoB;IACpB,IAAI,MAAM,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;QAC9C,MAAM,CAAC,KAAK,GAAG,0BAA0B,MAAM,CAAC,SAAS,EAAE,CAAC;QAC5D,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,CAAC,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;YACzC,MAAM,CAAC,KAAK,GAAG,gCAAgC,CAAC,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC;IAE9B,6BAA6B;IAC7B,IAAI,CAAC;QACH,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,OAAO,CAAC;YAC3C,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;YAClC,MAAM,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC1C,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;gBAC/C,MAAM,CAAC,KAAK,GAAG,WAAW,OAAO,CAAC,UAAU,mBAAmB,CAAC;gBAChE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,wBAAwB,GAAG,IAAI,CAAC;IACzC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,iCAAiC,CAAC,EAAE,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0BAA0B;IAC1B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB,KAAK,EAAE,EAAE,CAAC;YACpE,MAAM,CAAC,KAAK,GAAG,mDAAmD,CAAC;YACnE,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB,KAAK,YAAY,EAAE,CAAC;gBACvD,MAAM,CAAC,KAAK,GAAG,0BAA0B,CAAC,EAAE,CAAC;gBAC7C,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,qBAAqB,GAAG,IAAI,CAAC;IACtC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,0BAA0B,CAAC,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzC,IAAI,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/C,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;oBACnC,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;gBAC/D,CAAC;qBAAM,CAAC;oBACN,WAAW,GAAG,cAAc,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;YACD,IAAI,WAAW,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvC,MAAM,CAAC,KAAK,GAAG,gCAAgC,KAAK,CAAC,UAAU,EAAE,CAAC;gBAClE,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,KAAK,CAAC,WAAW,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,GAAG,+BAA+B,KAAK,CAAC,UAAU,EAAE,CAAC;gBACjE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,mBAAmB,GAAG,IAAI,CAAC;IACpC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,uBAAuB,CAAC,EAAE,CAAC;QAC1C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC;QACH,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,CAAC,KAAK,GAAG,8BAA8B,CAAC;YAC9C,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBACnD,MAAM,CAAC,KAAK,GAAG,iCAAiC,CAAC,EAAE,CAAC;gBACpD,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,GAAG,kCAAkC,CAAC,EAAE,CAAC;gBACrD,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAClC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,sBAAsB,CAAC,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;IAC5B,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@attested-intelligence/aga-mcp-server",
|
|
3
|
-
"version": "2.0
|
|
4
|
-
"description": "MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems. 20 tools, 3 resources, 3 prompts.",
|
|
3
|
+
"version": "2.1.0",
|
|
4
|
+
"description": "MCP server and governance proxy implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems. 20 tools, 3 resources, 3 prompts, governance proxy.",
|
|
5
5
|
"author": "Attested Intelligence Holdings LLC",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"type": "module",
|
|
@@ -13,7 +13,8 @@
|
|
|
13
13
|
"LICENSE"
|
|
14
14
|
],
|
|
15
15
|
"bin": {
|
|
16
|
-
"aga-mcp-server": "dist/index.js"
|
|
16
|
+
"aga-mcp-server": "dist/index.js",
|
|
17
|
+
"aga-proxy": "dist/proxy/index.js"
|
|
17
18
|
},
|
|
18
19
|
"scripts": {
|
|
19
20
|
"build": "tsc",
|
|
@@ -25,6 +26,9 @@
|
|
|
25
26
|
"test:core": "vitest run tests/core/",
|
|
26
27
|
"test:tools": "vitest run tests/tools/",
|
|
27
28
|
"test:integration": "vitest run tests/integration/",
|
|
29
|
+
"test:proxy": "vitest run tests/proxy/",
|
|
30
|
+
"proxy": "tsx src/proxy/index.ts",
|
|
31
|
+
"proxy:start": "tsx src/proxy/index.ts start",
|
|
28
32
|
"demo": "tsx scripts/demo.ts",
|
|
29
33
|
"benchmark": "tsx scripts/benchmark.ts",
|
|
30
34
|
"lint": "tsc --noEmit",
|
|
@@ -34,6 +38,7 @@
|
|
|
34
38
|
"@modelcontextprotocol/sdk": "^1.12.0",
|
|
35
39
|
"@noble/ed25519": "^2.1.0",
|
|
36
40
|
"@noble/hashes": "^1.7.0",
|
|
41
|
+
"commander": "^14.0.3",
|
|
37
42
|
"uuid": "^11.1.0",
|
|
38
43
|
"zod": "^3.24.0"
|
|
39
44
|
},
|