@attested-intelligence/aga-mcp-server 2.0.1 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (241) hide show
  1. package/README.md +197 -124
  2. package/SECURITY.md +59 -0
  3. package/dist/adapters/openclaw.d.ts +43 -0
  4. package/dist/adapters/openclaw.d.ts.map +1 -0
  5. package/dist/adapters/openclaw.js +86 -0
  6. package/dist/adapters/openclaw.js.map +1 -0
  7. package/dist/core/bundle.d.ts +9 -2
  8. package/dist/core/bundle.d.ts.map +1 -1
  9. package/dist/core/bundle.js +16 -2
  10. package/dist/core/bundle.js.map +1 -1
  11. package/dist/core/identity.d.ts +19 -10
  12. package/dist/core/identity.d.ts.map +1 -1
  13. package/dist/core/identity.js +45 -11
  14. package/dist/core/identity.js.map +1 -1
  15. package/dist/core/portal.d.ts +10 -1
  16. package/dist/core/portal.d.ts.map +1 -1
  17. package/dist/core/portal.js +16 -12
  18. package/dist/core/portal.js.map +1 -1
  19. package/dist/core/types.d.ts +29 -2
  20. package/dist/core/types.d.ts.map +1 -1
  21. package/dist/crypto/index.d.ts +5 -6
  22. package/dist/crypto/index.d.ts.map +1 -1
  23. package/dist/crypto/index.js +5 -6
  24. package/dist/crypto/index.js.map +1 -1
  25. package/dist/crypto/sign.d.ts +2 -0
  26. package/dist/crypto/sign.d.ts.map +1 -1
  27. package/dist/crypto/sign.js +6 -0
  28. package/dist/crypto/sign.js.map +1 -1
  29. package/dist/index.js +1 -1
  30. package/dist/index.js.map +1 -1
  31. package/dist/middleware/governance.d.ts +7 -1
  32. package/dist/middleware/governance.d.ts.map +1 -1
  33. package/dist/middleware/governance.js +18 -11
  34. package/dist/middleware/governance.js.map +1 -1
  35. package/dist/proxy/evaluator.d.ts +14 -0
  36. package/dist/proxy/evaluator.d.ts.map +1 -0
  37. package/dist/proxy/evaluator.js +141 -0
  38. package/dist/proxy/evaluator.js.map +1 -0
  39. package/dist/proxy/index.d.ts +22 -0
  40. package/dist/proxy/index.d.ts.map +1 -0
  41. package/dist/proxy/index.js +230 -0
  42. package/dist/proxy/index.js.map +1 -0
  43. package/dist/proxy/profiles.d.ts +16 -0
  44. package/dist/proxy/profiles.d.ts.map +1 -0
  45. package/dist/proxy/profiles.js +43 -0
  46. package/dist/proxy/profiles.js.map +1 -0
  47. package/dist/proxy/server.d.ts +106 -0
  48. package/dist/proxy/server.d.ts.map +1 -0
  49. package/dist/proxy/server.js +389 -0
  50. package/dist/proxy/server.js.map +1 -0
  51. package/dist/proxy/stdio-bridge.d.ts +42 -0
  52. package/dist/proxy/stdio-bridge.d.ts.map +1 -0
  53. package/dist/proxy/stdio-bridge.js +142 -0
  54. package/dist/proxy/stdio-bridge.js.map +1 -0
  55. package/dist/proxy/types.d.ts +36 -0
  56. package/dist/proxy/types.d.ts.map +1 -0
  57. package/dist/proxy/types.js +11 -0
  58. package/dist/proxy/types.js.map +1 -0
  59. package/dist/proxy/verify.d.ts +29 -0
  60. package/dist/proxy/verify.d.ts.map +1 -0
  61. package/dist/proxy/verify.js +183 -0
  62. package/dist/proxy/verify.js.map +1 -0
  63. package/dist/server.d.ts +7 -3
  64. package/dist/server.d.ts.map +1 -1
  65. package/dist/server.js +342 -214
  66. package/dist/server.js.map +1 -1
  67. package/dist/storage/sqlite.js +6 -6
  68. package/independent-verifier/README.md +31 -0
  69. package/independent-verifier/package.json +18 -0
  70. package/independent-verifier/verify.ts +211 -0
  71. package/package.json +97 -71
  72. package/src/adapters/openclaw.ts +125 -0
  73. package/src/core/artifact.ts +45 -0
  74. package/src/core/attestation.ts +33 -0
  75. package/src/core/behavioral.ts +132 -0
  76. package/src/core/bundle.ts +45 -0
  77. package/src/core/chain.ts +72 -0
  78. package/src/core/checkpoint.ts +22 -0
  79. package/src/core/delegation.ts +146 -0
  80. package/src/core/disclosure.ts +32 -0
  81. package/src/core/identity.ts +62 -0
  82. package/src/core/index.ts +14 -0
  83. package/src/core/portal.ts +117 -0
  84. package/src/core/quarantine.ts +16 -0
  85. package/src/core/receipt.ts +33 -0
  86. package/src/core/subject.ts +11 -0
  87. package/src/core/types.ts +285 -0
  88. package/src/crypto/hash.ts +33 -0
  89. package/src/crypto/index.ts +5 -0
  90. package/src/crypto/merkle.ts +43 -0
  91. package/src/crypto/salt.ts +18 -0
  92. package/src/crypto/sign.ts +42 -0
  93. package/src/crypto/types.ts +19 -0
  94. package/src/index.ts +12 -0
  95. package/src/middleware/governance.ts +95 -0
  96. package/src/middleware/index.ts +1 -0
  97. package/src/proxy/evaluator.ts +176 -0
  98. package/src/proxy/index.ts +259 -0
  99. package/src/proxy/profiles.ts +48 -0
  100. package/src/proxy/server.ts +499 -0
  101. package/src/proxy/stdio-bridge.ts +171 -0
  102. package/src/proxy/types.ts +40 -0
  103. package/src/proxy/verify.ts +202 -0
  104. package/src/server.ts +435 -0
  105. package/src/storage/index.ts +3 -0
  106. package/src/storage/interface.ts +21 -0
  107. package/src/storage/memory.ts +27 -0
  108. package/src/storage/sqlite.ts +45 -0
  109. package/src/tools/README.md +13 -0
  110. package/src/utils/canonical.ts +14 -0
  111. package/src/utils/constants.ts +3 -0
  112. package/src/utils/timestamp.ts +12 -0
  113. package/src/utils/uuid.ts +2 -0
  114. package/dist/context.d.ts +0 -39
  115. package/dist/context.d.ts.map +0 -1
  116. package/dist/context.js +0 -113
  117. package/dist/context.js.map +0 -1
  118. package/dist/core/measurement.d.ts +0 -16
  119. package/dist/core/measurement.d.ts.map +0 -1
  120. package/dist/core/measurement.js +0 -18
  121. package/dist/core/measurement.js.map +0 -1
  122. package/dist/crypto/canonicalize.d.ts +0 -7
  123. package/dist/crypto/canonicalize.d.ts.map +0 -1
  124. package/dist/crypto/canonicalize.js +0 -21
  125. package/dist/crypto/canonicalize.js.map +0 -1
  126. package/dist/crypto/keys.d.ts +0 -10
  127. package/dist/crypto/keys.d.ts.map +0 -1
  128. package/dist/crypto/keys.js +0 -19
  129. package/dist/crypto/keys.js.map +0 -1
  130. package/dist/prompts/drift-analysis.d.ts +0 -13
  131. package/dist/prompts/drift-analysis.d.ts.map +0 -1
  132. package/dist/prompts/drift-analysis.js +0 -43
  133. package/dist/prompts/drift-analysis.js.map +0 -1
  134. package/dist/prompts/governance-report.d.ts +0 -7
  135. package/dist/prompts/governance-report.d.ts.map +0 -1
  136. package/dist/prompts/governance-report.js +0 -26
  137. package/dist/prompts/governance-report.js.map +0 -1
  138. package/dist/prompts/nccoe-demo.d.ts +0 -14
  139. package/dist/prompts/nccoe-demo.d.ts.map +0 -1
  140. package/dist/prompts/nccoe-demo.js +0 -47
  141. package/dist/prompts/nccoe-demo.js.map +0 -1
  142. package/dist/resources/cosai-mapping.d.ts +0 -24
  143. package/dist/resources/cosai-mapping.d.ts.map +0 -1
  144. package/dist/resources/cosai-mapping.js +0 -127
  145. package/dist/resources/cosai-mapping.js.map +0 -1
  146. package/dist/resources/crypto-primitives.d.ts +0 -3
  147. package/dist/resources/crypto-primitives.d.ts.map +0 -1
  148. package/dist/resources/crypto-primitives.js +0 -52
  149. package/dist/resources/crypto-primitives.js.map +0 -1
  150. package/dist/resources/sample-bundle.d.ts +0 -6
  151. package/dist/resources/sample-bundle.d.ts.map +0 -1
  152. package/dist/resources/sample-bundle.js +0 -58
  153. package/dist/resources/sample-bundle.js.map +0 -1
  154. package/dist/resources/specification.d.ts +0 -3
  155. package/dist/resources/specification.d.ts.map +0 -1
  156. package/dist/resources/specification.js +0 -161
  157. package/dist/resources/specification.js.map +0 -1
  158. package/dist/tools/create-artifact.d.ts +0 -25
  159. package/dist/tools/create-artifact.d.ts.map +0 -1
  160. package/dist/tools/create-artifact.js +0 -85
  161. package/dist/tools/create-artifact.js.map +0 -1
  162. package/dist/tools/delegate-subagent.d.ts +0 -18
  163. package/dist/tools/delegate-subagent.d.ts.map +0 -1
  164. package/dist/tools/delegate-subagent.js +0 -50
  165. package/dist/tools/delegate-subagent.js.map +0 -1
  166. package/dist/tools/disclose-claim.d.ts +0 -14
  167. package/dist/tools/disclose-claim.d.ts.map +0 -1
  168. package/dist/tools/disclose-claim.js +0 -23
  169. package/dist/tools/disclose-claim.js.map +0 -1
  170. package/dist/tools/export-bundle.d.ts +0 -8
  171. package/dist/tools/export-bundle.d.ts.map +0 -1
  172. package/dist/tools/export-bundle.js +0 -25
  173. package/dist/tools/export-bundle.js.map +0 -1
  174. package/dist/tools/full-lifecycle.d.ts +0 -16
  175. package/dist/tools/full-lifecycle.d.ts.map +0 -1
  176. package/dist/tools/full-lifecycle.js +0 -121
  177. package/dist/tools/full-lifecycle.js.map +0 -1
  178. package/dist/tools/generate-receipt.d.ts +0 -16
  179. package/dist/tools/generate-receipt.d.ts.map +0 -1
  180. package/dist/tools/generate-receipt.js +0 -31
  181. package/dist/tools/generate-receipt.js.map +0 -1
  182. package/dist/tools/get-chain.d.ts +0 -14
  183. package/dist/tools/get-chain.d.ts.map +0 -1
  184. package/dist/tools/get-chain.js +0 -45
  185. package/dist/tools/get-chain.js.map +0 -1
  186. package/dist/tools/get-portal-state.d.ts +0 -8
  187. package/dist/tools/get-portal-state.d.ts.map +0 -1
  188. package/dist/tools/get-portal-state.js +0 -15
  189. package/dist/tools/get-portal-state.js.map +0 -1
  190. package/dist/tools/init-chain.d.ts +0 -10
  191. package/dist/tools/init-chain.d.ts.map +0 -1
  192. package/dist/tools/init-chain.js +0 -13
  193. package/dist/tools/init-chain.js.map +0 -1
  194. package/dist/tools/measure-behavior.d.ts +0 -12
  195. package/dist/tools/measure-behavior.d.ts.map +0 -1
  196. package/dist/tools/measure-behavior.js +0 -29
  197. package/dist/tools/measure-behavior.js.map +0 -1
  198. package/dist/tools/measure-subject.d.ts +0 -15
  199. package/dist/tools/measure-subject.d.ts.map +0 -1
  200. package/dist/tools/measure-subject.js +0 -106
  201. package/dist/tools/measure-subject.js.map +0 -1
  202. package/dist/tools/quarantine-status.d.ts +0 -8
  203. package/dist/tools/quarantine-status.d.ts.map +0 -1
  204. package/dist/tools/quarantine-status.js +0 -16
  205. package/dist/tools/quarantine-status.js.map +0 -1
  206. package/dist/tools/revoke-artifact.d.ts +0 -13
  207. package/dist/tools/revoke-artifact.d.ts.map +0 -1
  208. package/dist/tools/revoke-artifact.js +0 -24
  209. package/dist/tools/revoke-artifact.js.map +0 -1
  210. package/dist/tools/rotate-keys.d.ts +0 -13
  211. package/dist/tools/rotate-keys.d.ts.map +0 -1
  212. package/dist/tools/rotate-keys.js +0 -39
  213. package/dist/tools/rotate-keys.js.map +0 -1
  214. package/dist/tools/server-info.d.ts +0 -8
  215. package/dist/tools/server-info.d.ts.map +0 -1
  216. package/dist/tools/server-info.js +0 -23
  217. package/dist/tools/server-info.js.map +0 -1
  218. package/dist/tools/set-verification-tier.d.ts +0 -11
  219. package/dist/tools/set-verification-tier.d.ts.map +0 -1
  220. package/dist/tools/set-verification-tier.js +0 -31
  221. package/dist/tools/set-verification-tier.js.map +0 -1
  222. package/dist/tools/start-monitoring.d.ts +0 -12
  223. package/dist/tools/start-monitoring.d.ts.map +0 -1
  224. package/dist/tools/start-monitoring.js +0 -17
  225. package/dist/tools/start-monitoring.js.map +0 -1
  226. package/dist/tools/trigger-measurement.d.ts +0 -15
  227. package/dist/tools/trigger-measurement.d.ts.map +0 -1
  228. package/dist/tools/trigger-measurement.js +0 -86
  229. package/dist/tools/trigger-measurement.js.map +0 -1
  230. package/dist/tools/verify-artifact.d.ts +0 -13
  231. package/dist/tools/verify-artifact.d.ts.map +0 -1
  232. package/dist/tools/verify-artifact.js +0 -6
  233. package/dist/tools/verify-artifact.js.map +0 -1
  234. package/dist/tools/verify-bundle.d.ts +0 -13
  235. package/dist/tools/verify-bundle.d.ts.map +0 -1
  236. package/dist/tools/verify-bundle.js +0 -6
  237. package/dist/tools/verify-bundle.js.map +0 -1
  238. package/dist/types.d.ts +0 -261
  239. package/dist/types.d.ts.map +0 -1
  240. package/dist/types.js +0 -8
  241. package/dist/types.js.map +0 -1
@@ -0,0 +1,29 @@
1
+ /**
2
+ * AGA Gateway Bundle Verifier
3
+ * Verifies Ed25519-SHA256-JCS evidence bundles.
4
+ * Uses ONLY @noble crypto - zero imports from ../core/ or ../crypto/.
5
+ *
6
+ * 5-step verification matching gateway, Python SDK, and browser verifier:
7
+ * 1. Algorithm check
8
+ * 2. Receipt signature verification
9
+ * 3. Chain integrity (previous_receipt_hash linkage)
10
+ * 4. Merkle inclusion proofs
11
+ * 5. Bundle consistency (leaf hashes match receipts)
12
+ *
13
+ * Patent: USPTO App. No. 19/433,835
14
+ * Copyright (c) 2026 Attested Intelligence Holdings LLC
15
+ * SPDX-License-Identifier: MIT
16
+ */
17
+ export interface GatewayVerificationResult {
18
+ algorithm_valid: boolean;
19
+ receipt_signatures_valid: boolean;
20
+ chain_integrity_valid: boolean;
21
+ merkle_proofs_valid: boolean;
22
+ bundle_consistent: boolean;
23
+ overall_valid: boolean;
24
+ receipts_checked: number;
25
+ algorithm: string;
26
+ error?: string;
27
+ }
28
+ export declare function verifyGatewayBundle(bundleJson: string): Promise<GatewayVerificationResult>;
29
+ //# sourceMappingURL=verify.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/proxy/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAiDH,MAAM,WAAW,yBAAyB;IACxC,eAAe,EAAE,OAAO,CAAC;IACzB,wBAAwB,EAAE,OAAO,CAAC;IAClC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID,wBAAsB,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC,CA2HhG"}
@@ -0,0 +1,183 @@
1
+ /**
2
+ * AGA Gateway Bundle Verifier
3
+ * Verifies Ed25519-SHA256-JCS evidence bundles.
4
+ * Uses ONLY @noble crypto - zero imports from ../core/ or ../crypto/.
5
+ *
6
+ * 5-step verification matching gateway, Python SDK, and browser verifier:
7
+ * 1. Algorithm check
8
+ * 2. Receipt signature verification
9
+ * 3. Chain integrity (previous_receipt_hash linkage)
10
+ * 4. Merkle inclusion proofs
11
+ * 5. Bundle consistency (leaf hashes match receipts)
12
+ *
13
+ * Patent: USPTO App. No. 19/433,835
14
+ * Copyright (c) 2026 Attested Intelligence Holdings LLC
15
+ * SPDX-License-Identifier: MIT
16
+ */
17
+ import * as ed from '@noble/ed25519';
18
+ import { sha512 } from '@noble/hashes/sha512';
19
+ import { sha256 } from '@noble/hashes/sha256';
20
+ import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
21
+ // Ed25519 setup
22
+ ed.etc.sha512Sync = (...m) => {
23
+ const total = m.reduce((n, a) => n + a.length, 0);
24
+ const buf = new Uint8Array(total);
25
+ let off = 0;
26
+ for (const a of m) {
27
+ buf.set(a, off);
28
+ off += a.length;
29
+ }
30
+ return sha512(buf);
31
+ };
32
+ const enc = new TextEncoder();
33
+ // ── RFC 8785 Canonicalization ────────────────────────────────
34
+ function deepSortKeys(obj) {
35
+ if (obj === null || obj === undefined || typeof obj !== 'object')
36
+ return obj;
37
+ if (Array.isArray(obj))
38
+ return obj.map(deepSortKeys);
39
+ const sorted = {};
40
+ for (const key of Object.keys(obj).sort()) {
41
+ sorted[key] = deepSortKeys(obj[key]);
42
+ }
43
+ return sorted;
44
+ }
45
+ function canonicalize(obj) {
46
+ return JSON.stringify(deepSortKeys(obj));
47
+ }
48
+ function sha256Hex(data) {
49
+ return bytesToHex(sha256(enc.encode(data)));
50
+ }
51
+ function merkleNodeHash(leftHex, rightHex) {
52
+ const left = hexToBytes(leftHex);
53
+ const right = hexToBytes(rightHex);
54
+ const combined = new Uint8Array(left.length + right.length);
55
+ combined.set(left, 0);
56
+ combined.set(right, left.length);
57
+ return bytesToHex(sha256(combined));
58
+ }
59
+ // ── 5-step verification ─────────────────────────────────────
60
+ export async function verifyGatewayBundle(bundleJson) {
61
+ let bundle;
62
+ try {
63
+ bundle = JSON.parse(bundleJson);
64
+ }
65
+ catch {
66
+ return {
67
+ algorithm_valid: false, receipt_signatures_valid: false,
68
+ chain_integrity_valid: false, merkle_proofs_valid: false,
69
+ bundle_consistent: false, overall_valid: false,
70
+ receipts_checked: 0, algorithm: '', error: 'Invalid JSON',
71
+ };
72
+ }
73
+ const result = {
74
+ algorithm_valid: false, receipt_signatures_valid: false,
75
+ chain_integrity_valid: false, merkle_proofs_valid: false,
76
+ bundle_consistent: false, overall_valid: false,
77
+ receipts_checked: bundle.receipts?.length ?? 0,
78
+ algorithm: bundle.algorithm ?? '',
79
+ };
80
+ // Step 1: Algorithm
81
+ if (bundle.algorithm !== 'Ed25519-SHA256-JCS') {
82
+ result.error = `unsupported algorithm: ${bundle.algorithm}`;
83
+ return result;
84
+ }
85
+ for (const r of bundle.receipts) {
86
+ if (r.algorithm !== 'Ed25519-SHA256-JCS') {
87
+ result.error = `receipt has wrong algorithm: ${r.algorithm}`;
88
+ return result;
89
+ }
90
+ }
91
+ result.algorithm_valid = true;
92
+ // Step 2: Receipt signatures
93
+ try {
94
+ for (const receipt of bundle.receipts) {
95
+ const { signature, ...unsigned } = receipt;
96
+ const canonical = canonicalize(unsigned);
97
+ const sig = hexToBytes(signature);
98
+ const pk = hexToBytes(receipt.public_key);
99
+ if (!ed.verify(sig, enc.encode(canonical), pk)) {
100
+ result.error = `Receipt ${receipt.receipt_id} signature failed`;
101
+ return result;
102
+ }
103
+ }
104
+ result.receipt_signatures_valid = true;
105
+ }
106
+ catch (e) {
107
+ result.error = `signature verification error: ${e}`;
108
+ return result;
109
+ }
110
+ // Step 3: Chain integrity
111
+ try {
112
+ const receipts = bundle.receipts;
113
+ if (receipts.length > 0 && receipts[0].previous_receipt_hash !== '') {
114
+ result.error = 'First receipt previous_receipt_hash must be empty';
115
+ return result;
116
+ }
117
+ for (let i = 1; i < receipts.length; i++) {
118
+ const expectedHash = sha256Hex(canonicalize(receipts[i - 1]));
119
+ if (receipts[i].previous_receipt_hash !== expectedHash) {
120
+ result.error = `Chain break at receipt ${i}`;
121
+ return result;
122
+ }
123
+ }
124
+ result.chain_integrity_valid = true;
125
+ }
126
+ catch (e) {
127
+ result.error = `chain integrity error: ${e}`;
128
+ return result;
129
+ }
130
+ // Step 4: Merkle proofs
131
+ try {
132
+ for (const proof of bundle.merkle_proofs) {
133
+ let currentHash = proof.leaf_hash;
134
+ for (let i = 0; i < proof.siblings.length; i++) {
135
+ if (proof.directions[i] === 'left') {
136
+ currentHash = merkleNodeHash(proof.siblings[i], currentHash);
137
+ }
138
+ else {
139
+ currentHash = merkleNodeHash(currentHash, proof.siblings[i]);
140
+ }
141
+ }
142
+ if (currentHash !== bundle.merkle_root) {
143
+ result.error = `Merkle proof failed for leaf ${proof.leaf_index}`;
144
+ return result;
145
+ }
146
+ if (proof.merkle_root !== bundle.merkle_root) {
147
+ result.error = `Proof root mismatch at leaf ${proof.leaf_index}`;
148
+ return result;
149
+ }
150
+ }
151
+ result.merkle_proofs_valid = true;
152
+ }
153
+ catch (e) {
154
+ result.error = `merkle proof error: ${e}`;
155
+ return result;
156
+ }
157
+ // Step 5: Bundle consistency
158
+ try {
159
+ if (bundle.merkle_proofs.length !== bundle.receipts.length) {
160
+ result.error = 'Proof count != receipt count';
161
+ return result;
162
+ }
163
+ for (let i = 0; i < bundle.receipts.length; i++) {
164
+ const leafHash = sha256Hex(canonicalize(bundle.receipts[i]));
165
+ if (bundle.merkle_proofs[i].leaf_hash !== leafHash) {
166
+ result.error = `Leaf hash mismatch at receipt ${i}`;
167
+ return result;
168
+ }
169
+ if (bundle.merkle_proofs[i].leaf_index !== i) {
170
+ result.error = `Leaf index mismatch at receipt ${i}`;
171
+ return result;
172
+ }
173
+ }
174
+ result.bundle_consistent = true;
175
+ }
176
+ catch (e) {
177
+ result.error = `consistency error: ${e}`;
178
+ return result;
179
+ }
180
+ result.overall_valid = true;
181
+ return result;
182
+ }
183
+ //# sourceMappingURL=verify.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/proxy/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAE7D,gBAAgB;AAChB,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE;IACzC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAAC,CAAC;IACxD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,gEAAgE;AAEhE,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,GAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5D,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACtB,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACjC,OAAO,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AACtC,CAAC;AAgBD,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,UAAkB;IAC1D,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,eAAe,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK;YACvD,qBAAqB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;YACxD,iBAAiB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;YAC9C,gBAAgB,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,cAAc;SAC1D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAA8B;QACxC,eAAe,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK;QACvD,qBAAqB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;QACxD,iBAAiB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;QAC9C,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,EAAE;KAClC,CAAC;IAEF,oBAAoB;IACpB,IAAI,MAAM,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;QAC9C,MAAM,CAAC,KAAK,GAAG,0BAA0B,MAAM,CAAC,SAAS,EAAE,CAAC;QAC5D,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,CAAC,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;YACzC,MAAM,CAAC,KAAK,GAAG,gCAAgC,CAAC,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC;IAE9B,6BAA6B;IAC7B,IAAI,CAAC;QACH,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,OAAO,CAAC;YAC3C,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;YAClC,MAAM,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC1C,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;gBAC/C,MAAM,CAAC,KAAK,GAAG,WAAW,OAAO,CAAC,UAAU,mBAAmB,CAAC;gBAChE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,wBAAwB,GAAG,IAAI,CAAC;IACzC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,iCAAiC,CAAC,EAAE,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0BAA0B;IAC1B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB,KAAK,EAAE,EAAE,CAAC;YACpE,MAAM,CAAC,KAAK,GAAG,mDAAmD,CAAC;YACnE,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB,KAAK,YAAY,EAAE,CAAC;gBACvD,MAAM,CAAC,KAAK,GAAG,0BAA0B,CAAC,EAAE,CAAC;gBAC7C,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,qBAAqB,GAAG,IAAI,CAAC;IACtC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,0BAA0B,CAAC,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzC,IAAI,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/C,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;oBACnC,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;gBAC/D,CAAC;qBAAM,CAAC;oBACN,WAAW,GAAG,cAAc,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;YACD,IAAI,WAAW,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvC,MAAM,CAAC,KAAK,GAAG,gCAAgC,KAAK,CAAC,UAAU,EAAE,CAAC;gBAClE,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,KAAK,CAAC,WAAW,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,GAAG,+BAA+B,KAAK,CAAC,UAAU,EAAE,CAAC;gBACjE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,mBAAmB,GAAG,IAAI,CAAC;IACpC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,uBAAuB,CAAC,EAAE,CAAC;QAC1C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC;QACH,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,CAAC,KAAK,GAAG,8BAA8B,CAAC;YAC9C,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBACnD,MAAM,CAAC,KAAK,GAAG,iCAAiC,CAAC,EAAE,CAAC;gBACpD,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,GAAG,kCAAkC,CAAC,EAAE,CAAC;gBACrD,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAClC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,sBAAsB,CAAC,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;IAC5B,OAAO,MAAM,CAAC;AAChB,CAAC"}
package/dist/server.d.ts CHANGED
@@ -1,8 +1,12 @@
1
1
  /**
2
- * AGA MCP Server V2.0.0 - The Portal (ref 150) as an MCP service.
2
+ * AGA MCP Server. The Portal (ref 150) as an MCP service.
3
3
  *
4
- * 20 tools, 3 resources, 3 prompts.
5
- * NIST-2025-0035, NCCoE AI Agent Identity and Authorization
4
+ * V3 NIST-aligned behaviors:
5
+ * 1. Every measurement generates a receipt (match OR mismatch)
6
+ * 2. TTL checked on every measurement (fail-closed)
7
+ * 3. Mid-session revocation via revoke_artifact tool
8
+ * 4. Governance middleware: portal state checked before tool execution
9
+ * 5. Auto-chaining: every operation writes to continuity chain
6
10
  */
7
11
  import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
8
12
  export declare function createAGAServer(): Promise<McpServer>;
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAwCpE,wBAAsB,eAAe,IAAI,OAAO,CAAC,SAAS,CAAC,CAiW1D"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAiDpE,wBAAsB,eAAe,IAAI,OAAO,CAAC,SAAS,CAAC,CAuX1D"}