@attested-intelligence/aga-mcp-server 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (209) hide show
  1. package/README.md +197 -124
  2. package/SECURITY.md +59 -0
  3. package/dist/core/bundle.d.ts +9 -2
  4. package/dist/core/bundle.d.ts.map +1 -1
  5. package/dist/core/bundle.js +16 -2
  6. package/dist/core/bundle.js.map +1 -1
  7. package/dist/core/identity.d.ts +19 -10
  8. package/dist/core/identity.d.ts.map +1 -1
  9. package/dist/core/identity.js +45 -11
  10. package/dist/core/identity.js.map +1 -1
  11. package/dist/core/portal.d.ts +10 -1
  12. package/dist/core/portal.d.ts.map +1 -1
  13. package/dist/core/portal.js +16 -12
  14. package/dist/core/portal.js.map +1 -1
  15. package/dist/core/types.d.ts +29 -2
  16. package/dist/core/types.d.ts.map +1 -1
  17. package/dist/crypto/index.d.ts +5 -6
  18. package/dist/crypto/index.d.ts.map +1 -1
  19. package/dist/crypto/index.js +5 -6
  20. package/dist/crypto/index.js.map +1 -1
  21. package/dist/crypto/sign.d.ts +2 -0
  22. package/dist/crypto/sign.d.ts.map +1 -1
  23. package/dist/crypto/sign.js +6 -0
  24. package/dist/crypto/sign.js.map +1 -1
  25. package/dist/index.js +1 -1
  26. package/dist/index.js.map +1 -1
  27. package/dist/middleware/governance.d.ts +7 -1
  28. package/dist/middleware/governance.d.ts.map +1 -1
  29. package/dist/middleware/governance.js +18 -11
  30. package/dist/middleware/governance.js.map +1 -1
  31. package/dist/server.d.ts +7 -3
  32. package/dist/server.d.ts.map +1 -1
  33. package/dist/server.js +342 -214
  34. package/dist/server.js.map +1 -1
  35. package/dist/storage/sqlite.js +6 -6
  36. package/independent-verifier/README.md +31 -0
  37. package/independent-verifier/package.json +18 -0
  38. package/independent-verifier/verify.ts +211 -0
  39. package/package.json +97 -76
  40. package/src/adapters/openclaw.ts +125 -0
  41. package/src/core/artifact.ts +45 -0
  42. package/src/core/attestation.ts +33 -0
  43. package/src/core/behavioral.ts +132 -0
  44. package/src/core/bundle.ts +45 -0
  45. package/src/core/chain.ts +72 -0
  46. package/src/core/checkpoint.ts +22 -0
  47. package/src/core/delegation.ts +146 -0
  48. package/src/core/disclosure.ts +32 -0
  49. package/src/core/identity.ts +62 -0
  50. package/src/core/index.ts +14 -0
  51. package/src/core/portal.ts +117 -0
  52. package/src/core/quarantine.ts +16 -0
  53. package/src/core/receipt.ts +33 -0
  54. package/src/core/subject.ts +11 -0
  55. package/src/core/types.ts +285 -0
  56. package/src/crypto/hash.ts +33 -0
  57. package/src/crypto/index.ts +5 -0
  58. package/src/crypto/merkle.ts +43 -0
  59. package/src/crypto/salt.ts +18 -0
  60. package/src/crypto/sign.ts +42 -0
  61. package/src/crypto/types.ts +19 -0
  62. package/src/index.ts +12 -0
  63. package/src/middleware/governance.ts +95 -0
  64. package/src/middleware/index.ts +1 -0
  65. package/src/proxy/evaluator.ts +176 -0
  66. package/src/proxy/index.ts +259 -0
  67. package/src/proxy/profiles.ts +48 -0
  68. package/src/proxy/server.ts +499 -0
  69. package/src/proxy/stdio-bridge.ts +171 -0
  70. package/src/proxy/types.ts +40 -0
  71. package/src/proxy/verify.ts +202 -0
  72. package/src/server.ts +435 -0
  73. package/src/storage/index.ts +3 -0
  74. package/src/storage/interface.ts +21 -0
  75. package/src/storage/memory.ts +27 -0
  76. package/src/storage/sqlite.ts +45 -0
  77. package/src/tools/README.md +13 -0
  78. package/src/utils/canonical.ts +14 -0
  79. package/src/utils/constants.ts +3 -0
  80. package/src/utils/timestamp.ts +12 -0
  81. package/src/utils/uuid.ts +2 -0
  82. package/dist/context.d.ts +0 -39
  83. package/dist/context.d.ts.map +0 -1
  84. package/dist/context.js +0 -113
  85. package/dist/context.js.map +0 -1
  86. package/dist/core/measurement.d.ts +0 -16
  87. package/dist/core/measurement.d.ts.map +0 -1
  88. package/dist/core/measurement.js +0 -18
  89. package/dist/core/measurement.js.map +0 -1
  90. package/dist/crypto/canonicalize.d.ts +0 -7
  91. package/dist/crypto/canonicalize.d.ts.map +0 -1
  92. package/dist/crypto/canonicalize.js +0 -21
  93. package/dist/crypto/canonicalize.js.map +0 -1
  94. package/dist/crypto/keys.d.ts +0 -10
  95. package/dist/crypto/keys.d.ts.map +0 -1
  96. package/dist/crypto/keys.js +0 -19
  97. package/dist/crypto/keys.js.map +0 -1
  98. package/dist/prompts/drift-analysis.d.ts +0 -13
  99. package/dist/prompts/drift-analysis.d.ts.map +0 -1
  100. package/dist/prompts/drift-analysis.js +0 -43
  101. package/dist/prompts/drift-analysis.js.map +0 -1
  102. package/dist/prompts/governance-report.d.ts +0 -7
  103. package/dist/prompts/governance-report.d.ts.map +0 -1
  104. package/dist/prompts/governance-report.js +0 -26
  105. package/dist/prompts/governance-report.js.map +0 -1
  106. package/dist/prompts/nccoe-demo.d.ts +0 -14
  107. package/dist/prompts/nccoe-demo.d.ts.map +0 -1
  108. package/dist/prompts/nccoe-demo.js +0 -47
  109. package/dist/prompts/nccoe-demo.js.map +0 -1
  110. package/dist/resources/cosai-mapping.d.ts +0 -24
  111. package/dist/resources/cosai-mapping.d.ts.map +0 -1
  112. package/dist/resources/cosai-mapping.js +0 -127
  113. package/dist/resources/cosai-mapping.js.map +0 -1
  114. package/dist/resources/crypto-primitives.d.ts +0 -3
  115. package/dist/resources/crypto-primitives.d.ts.map +0 -1
  116. package/dist/resources/crypto-primitives.js +0 -52
  117. package/dist/resources/crypto-primitives.js.map +0 -1
  118. package/dist/resources/sample-bundle.d.ts +0 -6
  119. package/dist/resources/sample-bundle.d.ts.map +0 -1
  120. package/dist/resources/sample-bundle.js +0 -58
  121. package/dist/resources/sample-bundle.js.map +0 -1
  122. package/dist/resources/specification.d.ts +0 -3
  123. package/dist/resources/specification.d.ts.map +0 -1
  124. package/dist/resources/specification.js +0 -161
  125. package/dist/resources/specification.js.map +0 -1
  126. package/dist/tools/create-artifact.d.ts +0 -25
  127. package/dist/tools/create-artifact.d.ts.map +0 -1
  128. package/dist/tools/create-artifact.js +0 -85
  129. package/dist/tools/create-artifact.js.map +0 -1
  130. package/dist/tools/delegate-subagent.d.ts +0 -18
  131. package/dist/tools/delegate-subagent.d.ts.map +0 -1
  132. package/dist/tools/delegate-subagent.js +0 -50
  133. package/dist/tools/delegate-subagent.js.map +0 -1
  134. package/dist/tools/disclose-claim.d.ts +0 -14
  135. package/dist/tools/disclose-claim.d.ts.map +0 -1
  136. package/dist/tools/disclose-claim.js +0 -23
  137. package/dist/tools/disclose-claim.js.map +0 -1
  138. package/dist/tools/export-bundle.d.ts +0 -8
  139. package/dist/tools/export-bundle.d.ts.map +0 -1
  140. package/dist/tools/export-bundle.js +0 -25
  141. package/dist/tools/export-bundle.js.map +0 -1
  142. package/dist/tools/full-lifecycle.d.ts +0 -16
  143. package/dist/tools/full-lifecycle.d.ts.map +0 -1
  144. package/dist/tools/full-lifecycle.js +0 -121
  145. package/dist/tools/full-lifecycle.js.map +0 -1
  146. package/dist/tools/generate-receipt.d.ts +0 -16
  147. package/dist/tools/generate-receipt.d.ts.map +0 -1
  148. package/dist/tools/generate-receipt.js +0 -31
  149. package/dist/tools/generate-receipt.js.map +0 -1
  150. package/dist/tools/get-chain.d.ts +0 -14
  151. package/dist/tools/get-chain.d.ts.map +0 -1
  152. package/dist/tools/get-chain.js +0 -45
  153. package/dist/tools/get-chain.js.map +0 -1
  154. package/dist/tools/get-portal-state.d.ts +0 -8
  155. package/dist/tools/get-portal-state.d.ts.map +0 -1
  156. package/dist/tools/get-portal-state.js +0 -15
  157. package/dist/tools/get-portal-state.js.map +0 -1
  158. package/dist/tools/init-chain.d.ts +0 -10
  159. package/dist/tools/init-chain.d.ts.map +0 -1
  160. package/dist/tools/init-chain.js +0 -13
  161. package/dist/tools/init-chain.js.map +0 -1
  162. package/dist/tools/measure-behavior.d.ts +0 -12
  163. package/dist/tools/measure-behavior.d.ts.map +0 -1
  164. package/dist/tools/measure-behavior.js +0 -29
  165. package/dist/tools/measure-behavior.js.map +0 -1
  166. package/dist/tools/measure-subject.d.ts +0 -15
  167. package/dist/tools/measure-subject.d.ts.map +0 -1
  168. package/dist/tools/measure-subject.js +0 -106
  169. package/dist/tools/measure-subject.js.map +0 -1
  170. package/dist/tools/quarantine-status.d.ts +0 -8
  171. package/dist/tools/quarantine-status.d.ts.map +0 -1
  172. package/dist/tools/quarantine-status.js +0 -16
  173. package/dist/tools/quarantine-status.js.map +0 -1
  174. package/dist/tools/revoke-artifact.d.ts +0 -13
  175. package/dist/tools/revoke-artifact.d.ts.map +0 -1
  176. package/dist/tools/revoke-artifact.js +0 -24
  177. package/dist/tools/revoke-artifact.js.map +0 -1
  178. package/dist/tools/rotate-keys.d.ts +0 -13
  179. package/dist/tools/rotate-keys.d.ts.map +0 -1
  180. package/dist/tools/rotate-keys.js +0 -39
  181. package/dist/tools/rotate-keys.js.map +0 -1
  182. package/dist/tools/server-info.d.ts +0 -8
  183. package/dist/tools/server-info.d.ts.map +0 -1
  184. package/dist/tools/server-info.js +0 -23
  185. package/dist/tools/server-info.js.map +0 -1
  186. package/dist/tools/set-verification-tier.d.ts +0 -11
  187. package/dist/tools/set-verification-tier.d.ts.map +0 -1
  188. package/dist/tools/set-verification-tier.js +0 -31
  189. package/dist/tools/set-verification-tier.js.map +0 -1
  190. package/dist/tools/start-monitoring.d.ts +0 -12
  191. package/dist/tools/start-monitoring.d.ts.map +0 -1
  192. package/dist/tools/start-monitoring.js +0 -17
  193. package/dist/tools/start-monitoring.js.map +0 -1
  194. package/dist/tools/trigger-measurement.d.ts +0 -15
  195. package/dist/tools/trigger-measurement.d.ts.map +0 -1
  196. package/dist/tools/trigger-measurement.js +0 -86
  197. package/dist/tools/trigger-measurement.js.map +0 -1
  198. package/dist/tools/verify-artifact.d.ts +0 -13
  199. package/dist/tools/verify-artifact.d.ts.map +0 -1
  200. package/dist/tools/verify-artifact.js +0 -6
  201. package/dist/tools/verify-artifact.js.map +0 -1
  202. package/dist/tools/verify-bundle.d.ts +0 -13
  203. package/dist/tools/verify-bundle.d.ts.map +0 -1
  204. package/dist/tools/verify-bundle.js +0 -6
  205. package/dist/tools/verify-bundle.js.map +0 -1
  206. package/dist/types.d.ts +0 -261
  207. package/dist/types.d.ts.map +0 -1
  208. package/dist/types.js +0 -8
  209. package/dist/types.js.map +0 -1
package/README.md CHANGED
@@ -1,124 +1,197 @@
1
- # @attested-intelligence/aga-mcp-server v2.0.0
2
-
3
- [![MCP Badge](https://lobehub.com/badge/mcp/attested-intelligence-aga-mcp-server)](https://lobehub.com/mcp/attested-intelligence-aga-mcp-server)
4
-
5
- MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.
6
-
7
- ## What It Does
8
-
9
- This server acts as a **Portal** (zero-trust Policy Enforcement Point) for AI agents. Every tool call is attested, measured against a sealed cryptographic reference, and logged to a tamper-evident continuity chain with signed receipts.
10
-
11
- **20 tools, 3 resources, 3 prompts, 159 tests**
12
-
13
- ## 20 MCP Tools
14
-
15
- | # | Tool | Description |
16
- | --- | --- | --- |
17
- | 1 | `aga_server_info` | Server identity, keys, portal state, framework alignment |
18
- | 2 | `aga_init_chain` | Initialize continuity chain with genesis event |
19
- | 3 | `aga_create_artifact` | Attest subject, generate sealed Policy Artifact |
20
- | 4 | `aga_measure_subject` | Measure subject, compare to sealed ref, generate receipt |
21
- | 5 | `aga_verify_artifact` | Verify artifact signature against issuer key |
22
- | 6 | `aga_start_monitoring` | Start/restart behavioral monitoring with baseline |
23
- | 7 | `aga_get_portal_state` | Current portal enforcement state and TTL |
24
- | 8 | `aga_trigger_measurement` | Trigger measurement with specific type |
25
- | 9 | `aga_generate_receipt` | Generate signed measurement receipt manually |
26
- | 10 | `aga_export_bundle` | Package artifact + receipts + Merkle proofs |
27
- | 11 | `aga_verify_bundle` | 4-step offline bundle verification |
28
- | 12 | `aga_disclose_claim` | Privacy-preserving disclosure with auto-substitution |
29
- | 13 | `aga_get_chain` | Get chain events with optional integrity verification |
30
- | 14 | `aga_quarantine_status` | Quarantine state and forensic capture status |
31
- | 15 | `aga_revoke_artifact` | Mid-session artifact revocation |
32
- | 16 | `aga_set_verification_tier` | Set verification tier (BRONZE/SILVER/GOLD) |
33
- | 17 | `aga_demonstrate_lifecycle` | Full lifecycle: attest, measure, checkpoint, verify |
34
- | 18 | `aga_measure_behavior` | Behavioral drift detection (tool patterns) |
35
- | 19 | `aga_delegate_to_subagent` | Constrained sub-agent delegation (scope only diminishes) |
36
- | 20 | `aga_rotate_keys` | Key rotation with chain event |
37
-
38
- ## 3 Resources
39
-
40
- | Resource | URI | Description |
41
- | --- | --- | --- |
42
- | Protocol Spec | `aga://specification/protocol-v2` | Full protocol specification with SPIFFE alignment |
43
- | Sample Bundle | `aga://resources/sample-bundle` | Sample evidence bundle documentation |
44
- | Crypto Primitives | `aga://resources/crypto-primitives` | Cryptographic primitives documentation |
45
-
46
- ## 3 Prompts
47
-
48
- | Prompt | Description |
49
- |--------|-------------|
50
- | `nccoe-demo` | 4-phase NCCoE lab demo with behavioral drift |
51
- | `governance-report` | Session governance summary report |
52
- | `drift-analysis` | Drift event analysis and remediation |
53
-
54
- ## CoSAI MCP Security Threat Coverage
55
-
56
- The AGA MCP Server addresses all 12 threat categories identified in the
57
- [CoSAI MCP Security whitepaper](https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/main/model-context-protocol-security.md)
58
- (Coalition for Secure AI / OASIS, January 2026).
59
-
60
- | CoSAI Category | Threat Domain | AGA Governance Mechanism |
61
- |---|---|---|
62
- | T1: Improper Authentication | Identity & Access | Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events |
63
- | T2: Missing Access Control | Identity & Access | Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment |
64
- | T3: Input Validation Failures | Input Handling | Runtime measurement against sealed reference, behavioral drift detection |
65
- | T4: Data/Control Boundary Failures | Input Handling | Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics |
66
- | T5: Inadequate Data Protection | Data & Code | Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention |
67
- | T6: Missing Integrity Controls | Data & Code | Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification |
68
- | T7: Session/Transport Security | Network & Transport | TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts |
69
- | T8: Network Isolation Failures | Network & Transport | Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action |
70
- | T9: Trust Boundary Failures | Trust & Design | Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM |
71
- | T10: Resource Management | Trust & Design | Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s) |
72
- | T11: Supply Chain Failures | Operational | Content-addressable hashing at attestation, runtime hash comparison blocks modified components |
73
- | T12: Insufficient Observability | Operational | Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles |
74
-
75
- Full mapping details available via the `aga://specification` resource.
76
-
77
- ## Quick Start
78
-
79
- ```bash
80
- npm install && npm run build && npm test
81
- ```
82
-
83
- ## Connect to an MCP Client
84
-
85
- Add to your MCP client config:
86
-
87
- ```json
88
- {
89
- "mcpServers": {
90
- "aga": { "command": "node", "args": ["/path/to/aga-mcp-server/dist/index.js"] }
91
- }
92
- }
93
- ```
94
-
95
- ## Architecture
96
-
97
- ```
98
- MCP Client
99
- JSON-RPC over stdio
100
-
101
- src/server.ts - 20 tools + 3 resources + 3 prompts
102
-
103
- ├── src/tools/ 20 individual tool handlers
104
- ├── src/core/ Protocol logic (artifact, chain, portal, etc.)
105
- ├── src/crypto/ Ed25519 + SHA-256 + Merkle + canonical JSON
106
- ├── src/middleware/ Zero-trust governance PEP
107
- ├── src/storage/ In-memory + optional SQLite
108
- ├── src/resources/ Protocol docs + crypto primitives
109
- └── src/prompts/ Demo + report + analysis prompts
110
- ```
111
-
112
- ## Test Coverage
113
-
114
- | Suite | Tests | What |
115
- |-------|-------|------|
116
- | Crypto | 33 | SHA-256, Ed25519, Merkle, salt, canonical, keys |
117
- | Core | 56 | Artifact, chain, portal, governance, behavioral, delegation, privacy, revocation, fail-closed |
118
- | Tools | 25 | All 20 tool handlers |
119
- | Integration | 38 | Bundle tamper, lifecycle, performance, NCCoE demo, crucible compatibility |
120
- | **Total** | **159** | |
121
-
122
- ## License
123
-
124
- MIT - Attested Intelligence Holdings LLC
1
+ # AGA - Attested Governance Artifacts
2
+
3
+ Cryptographic runtime governance for AI agents and autonomous systems.
4
+
5
+ [![npm](https://img.shields.io/npm/v/@attested-intelligence/aga-mcp-server)](https://www.npmjs.com/package/@attested-intelligence/aga-mcp-server)
6
+ [![PyPI](https://img.shields.io/pypi/v/aga-governance)](https://pypi.org/project/aga-governance/)
7
+ [![License: BUSL-1.1](https://img.shields.io/badge/License-BUSL--1.1-blue.svg)](LICENSE)
8
+ [![Tests](https://img.shields.io/badge/tests-355%2B-brightgreen)](https://github.com/attestedintelligence/AGA)
9
+
10
+ ```bash
11
+ # Try it now
12
+ pip install aga-governance
13
+ python -m aga demo
14
+ python -m aga verify demo-bundle.json
15
+ ```
16
+
17
+ ## What This Does
18
+
19
+ AGA generates sealed, cryptographically signed Policy Artifacts that bind subject identity to authorized behavior and enforce that binding continuously at runtime. A two-process Portal architecture holds all cryptographic keys while the governed agent holds none - the agent cannot self-authorize, bypass enforcement, or forge receipts.
20
+
21
+ **Seal. Enforce. Prove.**
22
+
23
+ ## Architecture
24
+
25
+ ```
26
+ Policy Author Portal (Keys) Subject (Agent)
27
+ | | |
28
+ [Seal Artifact] ------> [Store Reference] |
29
+ | | |
30
+ | [Continuous Measurement] <---- [Runtime State]
31
+ | | |
32
+ | [Drift Detected?] |
33
+ | / \ |
34
+ | Yes / \ No |
35
+ | / \ |
36
+ | [Enforce Action] [Append Receipt] |
37
+ | | | |
38
+ | [Signed Receipt] | |
39
+ | | | |
40
+ | [Continuity Chain] <-+ |
41
+ | | |
42
+ | [Evidence Bundle] |
43
+ | | |
44
+ v [Offline Verify] v
45
+ ```
46
+
47
+ ### Core Operations
48
+
49
+ - **Seal:** Attest subject state, compute sealed hash (SHA-256, no delimiters), sign with Ed25519 over RFC 8785 canonical JSON
50
+ - **Enforce:** Portal measures runtime state against sealed reference, executes enforcement on drift (7 graduated actions including phantom execution for forensic capture)
51
+ - **Prove:** Evidence Bundles with Merkle inclusion proofs enable offline verification by any third party using only standard cryptographic libraries
52
+
53
+ ## Use with Claude Desktop
54
+
55
+ Add to your Claude Desktop MCP config (`claude_desktop_config.json`):
56
+
57
+ ```json
58
+ {
59
+ "mcpServers": {
60
+ "aga": {
61
+ "command": "npx",
62
+ "args": ["-y", "@attested-intelligence/aga-mcp-server"]
63
+ }
64
+ }
65
+ }
66
+ ```
67
+
68
+ Claude can then seal artifacts, measure integrity, generate evidence bundles, and verify compliance through natural language.
69
+
70
+ ## MCP Tools (20)
71
+
72
+ | Category | Tools |
73
+ |----------|-------|
74
+ | **Identity** | `get_server_info`, `get_portal_state` |
75
+ | **Lifecycle** | `init_chain`, `attest_subject`, `revoke_artifact` |
76
+ | **Enforcement** | `measure_integrity`, `measure_behavior`, `verify_chain` |
77
+ | **Evidence** | `create_checkpoint`, `generate_evidence_bundle`, `verify_bundle_offline` |
78
+ | **Privacy** | `request_claim`, `list_claims` |
79
+ | **Delegation** | `delegate_to_subagent` |
80
+ | **Audit** | `get_receipts`, `get_chain_events` |
81
+
82
+ ## Quick Start
83
+
84
+ ```bash
85
+ git clone https://github.com/attestedintelligence/AGA.git
86
+ cd AGA
87
+ npm install
88
+ npm test
89
+ ```
90
+
91
+ ### Python SDK
92
+
93
+ ```bash
94
+ pip install aga-governance
95
+ python -m aga demo
96
+ python -m aga verify demo-bundle.json
97
+ ```
98
+
99
+ ### Generate and Verify an Evidence Bundle
100
+
101
+ ```bash
102
+ npx tsx scripts/generate-evidence-bundle.mjs
103
+ node independent-verifier/verify.js aga-evidence/evidence-bundle.json
104
+ ```
105
+
106
+ ## MCP Governance Proxy
107
+
108
+ Run AGA as a transparent proxy between any MCP client and any MCP server. Every tool call gets evaluated against policy and produces a signed receipt.
109
+
110
+ ```bash
111
+ # Start the proxy with an upstream MCP server
112
+ npx tsx src/proxy/index.ts start --upstream "npx -y @modelcontextprotocol/server-filesystem /tmp/test" --profile standard
113
+
114
+ # Export the evidence bundle
115
+ npx tsx src/proxy/index.ts export --output evidence.json
116
+
117
+ # Verify
118
+ npx tsx src/proxy/index.ts verify evidence.json
119
+ ```
120
+
121
+ The proxy intercepts `tools/call` requests, evaluates them against a sealed policy artifact, and generates signed receipts. Permitted calls are forwarded to the downstream server. Denied calls return an MCP error. Every decision is hash-linked into a tamper-evident chain.
122
+
123
+ Three built-in policy profiles:
124
+ - **permissive** - log everything, block nothing (default)
125
+ - **standard** - rate limits + blocks destructive operations
126
+ - **restrictive** - explicit tool allowlist, all unknown tools denied
127
+
128
+ ## Deployment Scenarios
129
+
130
+ | Scenario | Description | Key Feature |
131
+ |----------|-------------|-------------|
132
+ | Air-Gapped Audit | Portable evidence bundles for DDIL environments | No network connectivity required |
133
+ | SCADA/ICS Enforcement | Real-time integrity monitoring for industrial control | O(1) receipt generation, deterministic bounds |
134
+ | Autonomous Safe-State | Automatic transition to safe profiles on drift | 7 graduated enforcement actions |
135
+ | Model Deployment Gate | Policy-enforced model release to production | Integrity verification before execution |
136
+ | Cloud Governance | Cryptographic governance for cloud infrastructure | Evidence isolation, multi-tenant support |
137
+ | SOC/IR Evidence | Incident response bundles with chain-of-custody | Forensic-grade audit trails |
138
+
139
+ ## Cryptographic Primitives
140
+
141
+ | Primitive | Purpose |
142
+ |-----------|---------|
143
+ | Ed25519 | Digital signatures (artifact sealing, receipt signing) |
144
+ | SHA-256 | Content integrity (sealed hash computation) |
145
+ | BLAKE2b-256 | Artifact fingerprinting |
146
+ | RFC 8785 (JCS) | Canonical JSON serialization |
147
+ | HKDF-SHA256 | Key derivation |
148
+ | Merkle Trees | Checkpoint anchoring to immutable storage |
149
+
150
+ ## Test Suite
151
+
152
+ 355+ automated tests (218 TypeScript + 137 Python) covering the full AGA lifecycle:
153
+
154
+ ```bash
155
+ npm test # TypeScript tests
156
+ cd aga-python && python -m pytest # Python tests
157
+ ```
158
+
159
+ ## Project Structure
160
+
161
+ ```
162
+ src/ # Core protocol: artifacts, receipts, chain, Merkle, crypto, portal state machine
163
+ core/ # Governance primitives (artifact, receipt, chain, portal, bundle)
164
+ crypto/ # Ed25519, SHA-256, BLAKE2b, Merkle, JCS canonicalization
165
+ proxy/ # MCP governance proxy (transparent interception + policy enforcement)
166
+ tools/ # MCP tool handlers (20 tools)
167
+ middleware/ # Zero-trust governance enforcement wrapper
168
+ aga-python/ # Python SDK with @governed decorator (PyPI: aga-governance)
169
+ independent-verifier/ # Standalone verifier with zero AGA imports
170
+ scenarios/ # Deployment scenarios (SCADA, drone, AI agent)
171
+ tests/ # TypeScript test suite (218 tests)
172
+ ```
173
+
174
+ ## Links
175
+
176
+ - [Website](https://attestedintelligence.com)
177
+ - [Technology](https://attestedintelligence.com/technology)
178
+ - [Diligence Materials](https://attestedintelligence.com/diligence)
179
+ - [MCP Server (npm)](https://www.npmjs.com/package/@attested-intelligence/aga-mcp-server)
180
+ - [Python SDK (PyPI)](https://pypi.org/project/aga-governance/)
181
+ - [Interactive Verifier](https://attestedintelligence.com/verify)
182
+
183
+ ## Security
184
+
185
+ See [SECURITY.md](SECURITY.md) for vulnerability reporting.
186
+
187
+ ## Contributing
188
+
189
+ See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup and guidelines.
190
+
191
+ ## License
192
+
193
+ [BUSL-1.1](LICENSE) - Business Source License 1.1
194
+
195
+ ---
196
+
197
+ Attested Intelligence Holdings LLC
package/SECURITY.md ADDED
@@ -0,0 +1,59 @@
1
+ # Security Policy
2
+
3
+ ## Reporting a Vulnerability
4
+
5
+ If you discover a security vulnerability in AGA, please report it responsibly.
6
+
7
+ **Email:** [admin@attestedintelligence.com](mailto:admin@attestedintelligence.com)
8
+
9
+ **Subject line:** `[SECURITY] AGA Vulnerability Report`
10
+
11
+ ### What to Include
12
+
13
+ - Description of the vulnerability
14
+ - Steps to reproduce
15
+ - Potential impact assessment
16
+ - Suggested fix (if you have one)
17
+
18
+ ### Response Timeline
19
+
20
+ - **Acknowledgment:** Within 48 hours of receipt
21
+ - **Initial assessment:** Within 5 business days
22
+ - **Resolution target:** Dependent on severity, typically within 30 days for critical issues
23
+
24
+ ### Scope
25
+
26
+ This policy covers:
27
+
28
+ - The AGA reference implementation (`src/`, `independent-verifier/`)
29
+ - The MCP server (`@attested-intelligence/aga-mcp-server`)
30
+ - Cryptographic operations (signing, verification, hash computation, chain integrity)
31
+ - Evidence Bundle generation and verification
32
+
33
+ ### Out of Scope
34
+
35
+ - The attestedintelligence.com website (report separately to the same email)
36
+ - Third-party dependencies (report to the upstream maintainer, but let us know)
37
+ - Social engineering or phishing attacks
38
+
39
+ ### Cryptographic Considerations
40
+
41
+ AGA relies on Ed25519 signatures, SHA-256 hashing, BLAKE2b-256 fingerprinting, and Merkle tree anchoring. If you identify a weakness in how these primitives are applied (not the primitives themselves), that is a valid report.
42
+
43
+ Key areas of concern:
44
+
45
+ - Sealed hash computation correctness
46
+ - Receipt chain integrity (hash linking)
47
+ - Merkle checkpoint verification
48
+ - Key separation enforcement between Portal and agent
49
+ - Evidence Bundle completeness and tamper detection
50
+
51
+ ### Disclosure
52
+
53
+ We follow coordinated disclosure. Please do not publicly disclose vulnerabilities until we have released a fix or 90 days have elapsed, whichever comes first.
54
+
55
+ We do not currently operate a bug bounty program.
56
+
57
+ ---
58
+
59
+ Attested Intelligence Holdings LLC
@@ -1,6 +1,13 @@
1
1
  import type { KeyPair, MerkleInclusionProof } from '../crypto/types.js';
2
- import type { EvidenceBundle, PolicyArtifact, SignedReceipt, CheckpointReference } from './types.js';
3
- export declare function generateBundle(artifact: PolicyArtifact, receipts: SignedReceipt[], proofs: MerkleInclusionProof[], checkpoint: CheckpointReference, kp: KeyPair): EvidenceBundle;
2
+ import type { EvidenceBundle, PolicyArtifact, SignedReceipt, CheckpointReference, VerificationTier } from './types.js';
3
+ /**
4
+ * Generate an evidence bundle. Original signature preserved for backward compatibility.
5
+ * Tiered bundle generation (CAISI §3b):
6
+ * BRONZE - artifact + receipts only (proofs omitted)
7
+ * SILVER - artifact + receipts + Merkle proofs
8
+ * GOLD - artifact + receipts + Merkle proofs + anchor checkpoint reference
9
+ */
10
+ export declare function generateBundle(artifact: PolicyArtifact, receipts: SignedReceipt[], proofs: MerkleInclusionProof[], checkpoint: CheckpointReference, kp: KeyPair, tier?: VerificationTier): EvidenceBundle;
4
11
  export interface VerificationResult {
5
12
  step1_artifact_sig: boolean;
6
13
  step2_receipt_sigs: boolean;
@@ -1 +1 @@
1
- {"version":3,"file":"bundle.d.ts","sourceRoot":"","sources":["../../src/core/bundle.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAErG,wBAAgB,cAAc,CAAC,QAAQ,EAAE,cAAc,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,MAAM,EAAE,oBAAoB,EAAE,EAAE,UAAU,EAAE,mBAAmB,EAAE,EAAE,EAAE,OAAO,GAAG,cAAc,CAGhL;AAED,MAAM,WAAW,kBAAkB;IACjC,kBAAkB,EAAE,OAAO,CAAC;IAAC,kBAAkB,EAAE,OAAO,CAAC;IACzD,mBAAmB,EAAE,OAAO,CAAC;IAAC,YAAY,EAAE,iBAAiB,GAAG,OAAO,CAAC;IACxE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAC;CACpC;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG,kBAAkB,CAanG"}
1
+ {"version":3,"file":"bundle.d.ts","sourceRoot":"","sources":["../../src/core/bundle.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEvH;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,cAAc,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,MAAM,EAAE,oBAAoB,EAAE,EAAE,UAAU,EAAE,mBAAmB,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,gBAAgB,GAAG,cAAc,CAUzM;AAED,MAAM,WAAW,kBAAkB;IACjC,kBAAkB,EAAE,OAAO,CAAC;IAAC,kBAAkB,EAAE,OAAO,CAAC;IACzD,mBAAmB,EAAE,OAAO,CAAC;IAAC,YAAY,EAAE,iBAAiB,GAAG,OAAO,CAAC;IACxE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAC;CACpC;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG,kBAAkB,CAanG"}
@@ -1,8 +1,22 @@
1
1
  import { signStr, sigToB64, b64ToSig, hexToPk, verifyStr, pkToHex } from '../crypto/sign.js';
2
2
  import { verifyProof } from '../crypto/merkle.js';
3
3
  import { canonicalize } from '../utils/canonical.js';
4
- export function generateBundle(artifact, receipts, proofs, checkpoint, kp) {
5
- const unsigned = { artifact, receipts, merkle_proofs: proofs, checkpoint_reference: checkpoint, public_key: pkToHex(kp.publicKey) };
4
+ /**
5
+ * Generate an evidence bundle. Original signature preserved for backward compatibility.
6
+ * Tiered bundle generation (CAISI §3b):
7
+ * BRONZE - artifact + receipts only (proofs omitted)
8
+ * SILVER - artifact + receipts + Merkle proofs
9
+ * GOLD - artifact + receipts + Merkle proofs + anchor checkpoint reference
10
+ */
11
+ export function generateBundle(artifact, receipts, proofs, checkpoint, kp, tier) {
12
+ const effectiveTier = tier ?? 'GOLD';
13
+ const bundleProofs = effectiveTier === 'BRONZE' ? [] : proofs;
14
+ const bundleCheckpoint = effectiveTier === 'GOLD' ? checkpoint : {
15
+ ...checkpoint,
16
+ transaction_id: effectiveTier === 'BRONZE' ? '' : checkpoint.transaction_id,
17
+ anchor_network: effectiveTier === 'BRONZE' ? '' : checkpoint.anchor_network,
18
+ };
19
+ const unsigned = { artifact, receipts, merkle_proofs: bundleProofs, checkpoint_reference: bundleCheckpoint, public_key: pkToHex(kp.publicKey), verification_tier: effectiveTier };
6
20
  return { ...unsigned, bundle_signature: sigToB64(signStr(canonicalize(unsigned), kp.secretKey)) };
7
21
  }
8
22
  export function verifyBundleOffline(bundle, pinnedPkHex) {
@@ -1 +1 @@
1
- {"version":3,"file":"bundle.js","sourceRoot":"","sources":["../../src/core/bundle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC7F,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAIrD,MAAM,UAAU,cAAc,CAAC,QAAwB,EAAE,QAAyB,EAAE,MAA8B,EAAE,UAA+B,EAAE,EAAW;IAC9J,MAAM,QAAQ,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,oBAAoB,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;IACpI,OAAO,EAAE,GAAG,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;AACpG,CAAC;AAQD,MAAM,UAAU,mBAAmB,CAAC,MAAsB,EAAE,WAAmB;IAC7E,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;IACnD,MAAM,EAAE,GAAG,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAC7E,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAClD,IAAI,EAAE,GAAG,IAAI,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAAC,EAAE,GAAG,KAAK,CAAC;YAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,UAAU,aAAa,CAAC,CAAC;QAAC,CAAC;IAC9J,CAAC;IACD,IAAI,EAAE,GAAG,IAAI,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;YAAC,EAAE,GAAG,KAAK,CAAC;YAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;QAAC,CAAC;IAAC,CAAC;IACtI,OAAO,EAAE,kBAAkB,EAAE,EAAE,EAAE,kBAAkB,EAAE,EAAE,EAAE,mBAAmB,EAAE,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC;AACvJ,CAAC"}
1
+ {"version":3,"file":"bundle.js","sourceRoot":"","sources":["../../src/core/bundle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC7F,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAIrD;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,QAAwB,EAAE,QAAyB,EAAE,MAA8B,EAAE,UAA+B,EAAE,EAAW,EAAE,IAAuB;IACvL,MAAM,aAAa,GAAG,IAAI,IAAI,MAAM,CAAC;IACrC,MAAM,YAAY,GAAG,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAC9D,MAAM,gBAAgB,GAAwB,aAAa,KAAK,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QACpF,GAAG,UAAU;QACb,cAAc,EAAE,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,cAAc;QAC3E,cAAc,EAAE,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,cAAc;KAC5E,CAAC;IACF,MAAM,QAAQ,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,EAAE,aAAa,EAAE,CAAC;IAClL,OAAO,EAAE,GAAG,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;AACpG,CAAC;AAQD,MAAM,UAAU,mBAAmB,CAAC,MAAsB,EAAE,WAAmB;IAC7E,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;IACnD,MAAM,EAAE,GAAG,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAC7E,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAClD,IAAI,EAAE,GAAG,IAAI,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAAC,EAAE,GAAG,KAAK,CAAC;YAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,UAAU,aAAa,CAAC,CAAC;QAAC,CAAC;IAC9J,CAAC;IACD,IAAI,EAAE,GAAG,IAAI,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;YAAC,EAAE,GAAG,KAAK,CAAC;YAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;QAAC,CAAC;IAAC,CAAC;IACtI,OAAO,EAAE,kBAAkB,EAAE,EAAE,EAAE,kBAAkB,EAAE,EAAE,EAAE,mBAAmB,EAAE,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC;AACvJ,CAAC"}
@@ -1,14 +1,23 @@
1
+ import type { KeyPair } from '../crypto/types.js';
2
+ import type { ContinuityEvent } from './types.js';
3
+ export { keyFingerprint } from '../crypto/sign.js';
1
4
  /**
2
- * Identity operations: key fingerprinting, validation, rotation.
5
+ * Check whether a key is still valid given its issuance time and TTL.
6
+ * NCCoE §2: non-biometric identity validity check.
3
7
  */
4
- import { keyFingerprint, isKeyValid } from '../crypto/keys.js';
5
- import type { KeyPair } from '../types.js';
6
- export { keyFingerprint, isKeyValid };
7
- export interface KeyRotationResult {
8
+ export declare function isKeyValid(issuedAt: string, ttlSeconds: number): boolean;
9
+ /**
10
+ * Generate a new key pair for rotation, returning both old and new for
11
+ * a transition period defined by policy. NCCoE §3: key rotation.
12
+ */
13
+ export declare function rotateKeyPair(currentKeyPair: KeyPair): {
14
+ oldKeyPair: KeyPair;
8
15
  newKeyPair: KeyPair;
9
- newPublicKeyHex: string;
10
- oldPublicKeyHex: string;
11
- rotatedAt: string;
12
- }
13
- export declare function rotateKeys(oldKP: KeyPair): KeyRotationResult;
16
+ };
17
+ /**
18
+ * Record a key rotation event on the continuity chain.
19
+ * NCCoE §3: "Key rotation is handled by including both old and new public keys
20
+ * during a transition period defined by policy."
21
+ */
22
+ export declare function recordKeyRotation(prevEvent: ContinuityEvent, keypairType: string, oldPublicKeyHex: string, newPublicKeyHex: string, reason: string, signingKeyPair: KeyPair): ContinuityEvent;
14
23
  //# sourceMappingURL=identity.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAiB,MAAM,mBAAmB,CAAC;AAE9E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAEtC,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,iBAAiB,CAQ5D"}
1
+ {"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAqB,MAAM,YAAY,CAAC;AAGrE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD;;;GAGG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAExE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,cAAc,EAAE,OAAO,GAAG;IAAE,UAAU,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,OAAO,CAAA;CAAE,CAGnG;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,eAAe,EAC1B,WAAW,EAAE,MAAM,EACnB,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,EACvB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,OAAO,GACtB,eAAe,CAUjB"}
@@ -1,16 +1,50 @@
1
1
  /**
2
- * Identity operations: key fingerprinting, validation, rotation.
2
+ * Identity and Key Lifecycle.
3
+ *
4
+ * Non-biometric cryptographic identity: agent identity derived from
5
+ * cryptographic key pair bound to append-only attestation history in
6
+ * continuity chain. Authority from valid signature history, not biometric traits.
7
+ *
8
+ * Functions:
9
+ * - keyFingerprint: re-exported from crypto/sign.ts for convenience
10
+ * - isKeyValid: check key TTL expiry
11
+ * - rotateKeyPair: generate new key pair for rotation
12
+ * - recordKeyRotation: append KEY_ROTATION event to chain
3
13
  */
4
- import { keyFingerprint, isKeyValid, rotateKeyPair } from '../crypto/keys.js';
5
- import { pkToHex } from '../crypto/sign.js';
6
- export { keyFingerprint, isKeyValid };
7
- export function rotateKeys(oldKP) {
8
- const newKP = rotateKeyPair();
9
- return {
10
- newKeyPair: newKP,
11
- newPublicKeyHex: pkToHex(newKP.publicKey),
12
- oldPublicKeyHex: pkToHex(oldKP.publicKey),
13
- rotatedAt: new Date().toISOString(),
14
+ import { generateKeyPair } from '../crypto/sign.js';
15
+ import { isExpired } from '../utils/timestamp.js';
16
+ import { appendEvent } from './chain.js';
17
+ // Re-export keyFingerprint for identity module consumers (NCCoE §2)
18
+ export { keyFingerprint } from '../crypto/sign.js';
19
+ /**
20
+ * Check whether a key is still valid given its issuance time and TTL.
21
+ * NCCoE §2: non-biometric identity validity check.
22
+ */
23
+ export function isKeyValid(issuedAt, ttlSeconds) {
24
+ return !isExpired(issuedAt, ttlSeconds);
25
+ }
26
+ /**
27
+ * Generate a new key pair for rotation, returning both old and new for
28
+ * a transition period defined by policy. NCCoE §3: key rotation.
29
+ */
30
+ export function rotateKeyPair(currentKeyPair) {
31
+ const newKeyPair = generateKeyPair();
32
+ return { oldKeyPair: currentKeyPair, newKeyPair };
33
+ }
34
+ /**
35
+ * Record a key rotation event on the continuity chain.
36
+ * NCCoE §3: "Key rotation is handled by including both old and new public keys
37
+ * during a transition period defined by policy."
38
+ */
39
+ export function recordKeyRotation(prevEvent, keypairType, oldPublicKeyHex, newPublicKeyHex, reason, signingKeyPair) {
40
+ const payload = {
41
+ keypair_type: keypairType,
42
+ old_public_key: oldPublicKeyHex,
43
+ new_public_key: newPublicKeyHex,
44
+ reason,
45
+ rotation_timestamp: new Date().toISOString(),
46
+ chain_sequence: prevEvent.sequence_number + 1,
14
47
  };
48
+ return appendEvent('KEY_ROTATION', payload, prevEvent, signingKeyPair);
15
49
  }
16
50
  //# sourceMappingURL=identity.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAmB,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG7D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAStC,MAAM,UAAU,UAAU,CAAC,KAAc;IACvC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,OAAO;QACL,UAAU,EAAE,KAAK;QACjB,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;QACzC,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;QACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,eAAe,EAA2B,MAAM,mBAAmB,CAAC;AAC7E,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAIzC,oEAAoE;AACpE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,QAAgB,EAAE,UAAkB;IAC7D,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;AAC1C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,cAAuB;IACnD,MAAM,UAAU,GAAG,eAAe,EAAE,CAAC;IACrC,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AACpD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAA0B,EAC1B,WAAmB,EACnB,eAAuB,EACvB,eAAuB,EACvB,MAAc,EACd,cAAuB;IAEvB,MAAM,OAAO,GAAsB;QACjC,YAAY,EAAE,WAAW;QACzB,cAAc,EAAE,eAAe;QAC/B,cAAc,EAAE,eAAe;QAC/B,MAAM;QACN,kBAAkB,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5C,cAAc,EAAE,SAAS,CAAC,eAAe,GAAG,CAAC;KAC9C,CAAC;IACF,OAAO,WAAW,CAAC,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;AACzE,CAAC"}
@@ -8,6 +8,14 @@ export interface MeasurementResult {
8
8
  expectedMetaHash: HashHex;
9
9
  ttl_ok: boolean;
10
10
  revoked: boolean;
11
+ degraded?: boolean;
12
+ }
13
+ /** Degradation event record for the continuity chain. */
14
+ export interface DegradationEvent {
15
+ reason: string;
16
+ timestamp: string;
17
+ artifact_reference: HashHex;
18
+ previous_state: string;
11
19
  }
12
20
  export declare class Portal {
13
21
  state: PortalState;
@@ -15,13 +23,14 @@ export declare class Portal {
15
23
  sequenceCounter: number;
16
24
  lastLeafHash: HashHex | null;
17
25
  revocations: Set<string>;
26
+ degradationLog: DegradationEvent[];
18
27
  loadArtifact(artifact: PolicyArtifact, pinnedPkHex: string): {
19
28
  ok: boolean;
20
29
  error?: string;
21
30
  };
22
31
  measure(subjectBytes: Uint8Array, meta: SubjectMetadata): MeasurementResult;
23
32
  enforce(action: EnforcementAction): void;
24
- revoke(sealedHash: string, transitionTo?: 'TERMINATED' | 'SAFE_STATE'): void;
33
+ revoke(sealedHash: string): void;
25
34
  isRevoked(sealedHash: string): boolean;
26
35
  reset(): void;
27
36
  }
@@ -1 +1 @@
1
- {"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,MAAM;IACjB,KAAK,EAAE,WAAW,CAAoB;IACtC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAQ;IACvC,eAAe,SAAK;IACpB,YAAY,EAAE,OAAO,GAAG,IAAI,CAAQ;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAErC,YAAY,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAiB5F,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,GAAG,iBAAiB;IA6B3E,OAAO,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAWxC,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,YAAY,GAAG,IAAI;IAO5E,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAEtC,KAAK,IAAI,IAAI;CAId"}
1
+ {"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,yDAAyD;AACzD,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,qBAAa,MAAM;IACjB,KAAK,EAAE,WAAW,CAAoB;IACtC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAQ;IACvC,eAAe,SAAK;IACpB,YAAY,EAAE,OAAO,GAAG,IAAI,CAAQ;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IACrC,cAAc,EAAE,gBAAgB,EAAE,CAAM;IAExC,YAAY,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAiB5F,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,GAAG,iBAAiB;IAuC3E,OAAO,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAUxC,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAKhC,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAEtC,KAAK,IAAI,IAAI;CAId"}