@attested-intelligence/aga-mcp-server 2.1.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +197 -124
- package/SECURITY.md +59 -0
- package/dist/core/bundle.d.ts +9 -2
- package/dist/core/bundle.d.ts.map +1 -1
- package/dist/core/bundle.js +16 -2
- package/dist/core/bundle.js.map +1 -1
- package/dist/core/identity.d.ts +19 -10
- package/dist/core/identity.d.ts.map +1 -1
- package/dist/core/identity.js +45 -11
- package/dist/core/identity.js.map +1 -1
- package/dist/core/portal.d.ts +10 -1
- package/dist/core/portal.d.ts.map +1 -1
- package/dist/core/portal.js +16 -12
- package/dist/core/portal.js.map +1 -1
- package/dist/core/types.d.ts +29 -2
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/index.d.ts +5 -6
- package/dist/crypto/index.d.ts.map +1 -1
- package/dist/crypto/index.js +5 -6
- package/dist/crypto/index.js.map +1 -1
- package/dist/crypto/sign.d.ts +2 -0
- package/dist/crypto/sign.d.ts.map +1 -1
- package/dist/crypto/sign.js +6 -0
- package/dist/crypto/sign.js.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware/governance.d.ts +7 -1
- package/dist/middleware/governance.d.ts.map +1 -1
- package/dist/middleware/governance.js +18 -11
- package/dist/middleware/governance.js.map +1 -1
- package/dist/server.d.ts +7 -3
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +342 -214
- package/dist/server.js.map +1 -1
- package/dist/storage/sqlite.js +6 -6
- package/independent-verifier/README.md +31 -0
- package/independent-verifier/package.json +18 -0
- package/independent-verifier/verify.ts +211 -0
- package/package.json +97 -76
- package/src/adapters/openclaw.ts +125 -0
- package/src/core/artifact.ts +45 -0
- package/src/core/attestation.ts +33 -0
- package/src/core/behavioral.ts +132 -0
- package/src/core/bundle.ts +45 -0
- package/src/core/chain.ts +72 -0
- package/src/core/checkpoint.ts +22 -0
- package/src/core/delegation.ts +146 -0
- package/src/core/disclosure.ts +32 -0
- package/src/core/identity.ts +62 -0
- package/src/core/index.ts +14 -0
- package/src/core/portal.ts +117 -0
- package/src/core/quarantine.ts +16 -0
- package/src/core/receipt.ts +33 -0
- package/src/core/subject.ts +11 -0
- package/src/core/types.ts +285 -0
- package/src/crypto/hash.ts +33 -0
- package/src/crypto/index.ts +5 -0
- package/src/crypto/merkle.ts +43 -0
- package/src/crypto/salt.ts +18 -0
- package/src/crypto/sign.ts +42 -0
- package/src/crypto/types.ts +19 -0
- package/src/index.ts +12 -0
- package/src/middleware/governance.ts +95 -0
- package/src/middleware/index.ts +1 -0
- package/src/proxy/evaluator.ts +176 -0
- package/src/proxy/index.ts +259 -0
- package/src/proxy/profiles.ts +48 -0
- package/src/proxy/server.ts +499 -0
- package/src/proxy/stdio-bridge.ts +171 -0
- package/src/proxy/types.ts +40 -0
- package/src/proxy/verify.ts +202 -0
- package/src/server.ts +435 -0
- package/src/storage/index.ts +3 -0
- package/src/storage/interface.ts +21 -0
- package/src/storage/memory.ts +27 -0
- package/src/storage/sqlite.ts +45 -0
- package/src/tools/README.md +13 -0
- package/src/utils/canonical.ts +14 -0
- package/src/utils/constants.ts +3 -0
- package/src/utils/timestamp.ts +12 -0
- package/src/utils/uuid.ts +2 -0
- package/dist/context.d.ts +0 -39
- package/dist/context.d.ts.map +0 -1
- package/dist/context.js +0 -113
- package/dist/context.js.map +0 -1
- package/dist/core/measurement.d.ts +0 -16
- package/dist/core/measurement.d.ts.map +0 -1
- package/dist/core/measurement.js +0 -18
- package/dist/core/measurement.js.map +0 -1
- package/dist/crypto/canonicalize.d.ts +0 -7
- package/dist/crypto/canonicalize.d.ts.map +0 -1
- package/dist/crypto/canonicalize.js +0 -21
- package/dist/crypto/canonicalize.js.map +0 -1
- package/dist/crypto/keys.d.ts +0 -10
- package/dist/crypto/keys.d.ts.map +0 -1
- package/dist/crypto/keys.js +0 -19
- package/dist/crypto/keys.js.map +0 -1
- package/dist/prompts/drift-analysis.d.ts +0 -13
- package/dist/prompts/drift-analysis.d.ts.map +0 -1
- package/dist/prompts/drift-analysis.js +0 -43
- package/dist/prompts/drift-analysis.js.map +0 -1
- package/dist/prompts/governance-report.d.ts +0 -7
- package/dist/prompts/governance-report.d.ts.map +0 -1
- package/dist/prompts/governance-report.js +0 -26
- package/dist/prompts/governance-report.js.map +0 -1
- package/dist/prompts/nccoe-demo.d.ts +0 -14
- package/dist/prompts/nccoe-demo.d.ts.map +0 -1
- package/dist/prompts/nccoe-demo.js +0 -47
- package/dist/prompts/nccoe-demo.js.map +0 -1
- package/dist/resources/cosai-mapping.d.ts +0 -24
- package/dist/resources/cosai-mapping.d.ts.map +0 -1
- package/dist/resources/cosai-mapping.js +0 -127
- package/dist/resources/cosai-mapping.js.map +0 -1
- package/dist/resources/crypto-primitives.d.ts +0 -3
- package/dist/resources/crypto-primitives.d.ts.map +0 -1
- package/dist/resources/crypto-primitives.js +0 -52
- package/dist/resources/crypto-primitives.js.map +0 -1
- package/dist/resources/sample-bundle.d.ts +0 -6
- package/dist/resources/sample-bundle.d.ts.map +0 -1
- package/dist/resources/sample-bundle.js +0 -58
- package/dist/resources/sample-bundle.js.map +0 -1
- package/dist/resources/specification.d.ts +0 -3
- package/dist/resources/specification.d.ts.map +0 -1
- package/dist/resources/specification.js +0 -161
- package/dist/resources/specification.js.map +0 -1
- package/dist/tools/create-artifact.d.ts +0 -25
- package/dist/tools/create-artifact.d.ts.map +0 -1
- package/dist/tools/create-artifact.js +0 -85
- package/dist/tools/create-artifact.js.map +0 -1
- package/dist/tools/delegate-subagent.d.ts +0 -18
- package/dist/tools/delegate-subagent.d.ts.map +0 -1
- package/dist/tools/delegate-subagent.js +0 -50
- package/dist/tools/delegate-subagent.js.map +0 -1
- package/dist/tools/disclose-claim.d.ts +0 -14
- package/dist/tools/disclose-claim.d.ts.map +0 -1
- package/dist/tools/disclose-claim.js +0 -23
- package/dist/tools/disclose-claim.js.map +0 -1
- package/dist/tools/export-bundle.d.ts +0 -8
- package/dist/tools/export-bundle.d.ts.map +0 -1
- package/dist/tools/export-bundle.js +0 -25
- package/dist/tools/export-bundle.js.map +0 -1
- package/dist/tools/full-lifecycle.d.ts +0 -16
- package/dist/tools/full-lifecycle.d.ts.map +0 -1
- package/dist/tools/full-lifecycle.js +0 -121
- package/dist/tools/full-lifecycle.js.map +0 -1
- package/dist/tools/generate-receipt.d.ts +0 -16
- package/dist/tools/generate-receipt.d.ts.map +0 -1
- package/dist/tools/generate-receipt.js +0 -31
- package/dist/tools/generate-receipt.js.map +0 -1
- package/dist/tools/get-chain.d.ts +0 -14
- package/dist/tools/get-chain.d.ts.map +0 -1
- package/dist/tools/get-chain.js +0 -45
- package/dist/tools/get-chain.js.map +0 -1
- package/dist/tools/get-portal-state.d.ts +0 -8
- package/dist/tools/get-portal-state.d.ts.map +0 -1
- package/dist/tools/get-portal-state.js +0 -15
- package/dist/tools/get-portal-state.js.map +0 -1
- package/dist/tools/init-chain.d.ts +0 -10
- package/dist/tools/init-chain.d.ts.map +0 -1
- package/dist/tools/init-chain.js +0 -13
- package/dist/tools/init-chain.js.map +0 -1
- package/dist/tools/measure-behavior.d.ts +0 -12
- package/dist/tools/measure-behavior.d.ts.map +0 -1
- package/dist/tools/measure-behavior.js +0 -29
- package/dist/tools/measure-behavior.js.map +0 -1
- package/dist/tools/measure-subject.d.ts +0 -15
- package/dist/tools/measure-subject.d.ts.map +0 -1
- package/dist/tools/measure-subject.js +0 -106
- package/dist/tools/measure-subject.js.map +0 -1
- package/dist/tools/quarantine-status.d.ts +0 -8
- package/dist/tools/quarantine-status.d.ts.map +0 -1
- package/dist/tools/quarantine-status.js +0 -16
- package/dist/tools/quarantine-status.js.map +0 -1
- package/dist/tools/revoke-artifact.d.ts +0 -13
- package/dist/tools/revoke-artifact.d.ts.map +0 -1
- package/dist/tools/revoke-artifact.js +0 -24
- package/dist/tools/revoke-artifact.js.map +0 -1
- package/dist/tools/rotate-keys.d.ts +0 -13
- package/dist/tools/rotate-keys.d.ts.map +0 -1
- package/dist/tools/rotate-keys.js +0 -39
- package/dist/tools/rotate-keys.js.map +0 -1
- package/dist/tools/server-info.d.ts +0 -8
- package/dist/tools/server-info.d.ts.map +0 -1
- package/dist/tools/server-info.js +0 -23
- package/dist/tools/server-info.js.map +0 -1
- package/dist/tools/set-verification-tier.d.ts +0 -11
- package/dist/tools/set-verification-tier.d.ts.map +0 -1
- package/dist/tools/set-verification-tier.js +0 -31
- package/dist/tools/set-verification-tier.js.map +0 -1
- package/dist/tools/start-monitoring.d.ts +0 -12
- package/dist/tools/start-monitoring.d.ts.map +0 -1
- package/dist/tools/start-monitoring.js +0 -17
- package/dist/tools/start-monitoring.js.map +0 -1
- package/dist/tools/trigger-measurement.d.ts +0 -15
- package/dist/tools/trigger-measurement.d.ts.map +0 -1
- package/dist/tools/trigger-measurement.js +0 -86
- package/dist/tools/trigger-measurement.js.map +0 -1
- package/dist/tools/verify-artifact.d.ts +0 -13
- package/dist/tools/verify-artifact.d.ts.map +0 -1
- package/dist/tools/verify-artifact.js +0 -6
- package/dist/tools/verify-artifact.js.map +0 -1
- package/dist/tools/verify-bundle.d.ts +0 -13
- package/dist/tools/verify-bundle.d.ts.map +0 -1
- package/dist/tools/verify-bundle.js +0 -6
- package/dist/tools/verify-bundle.js.map +0 -1
- package/dist/types.d.ts +0 -261
- package/dist/types.d.ts.map +0 -1
- package/dist/types.js +0 -8
- package/dist/types.js.map +0 -1
package/dist/core/portal.js
CHANGED
|
@@ -13,6 +13,7 @@ export class Portal {
|
|
|
13
13
|
sequenceCounter = 0;
|
|
14
14
|
lastLeafHash = null;
|
|
15
15
|
revocations = new Set();
|
|
16
|
+
degradationLog = [];
|
|
16
17
|
loadArtifact(artifact, pinnedPkHex) {
|
|
17
18
|
this.state = 'ARTIFACT_VERIFICATION';
|
|
18
19
|
const { signature, ...unsigned } = artifact;
|
|
@@ -37,16 +38,22 @@ export class Portal {
|
|
|
37
38
|
throw new Error('No artifact loaded');
|
|
38
39
|
if (this.state === 'TERMINATED')
|
|
39
40
|
throw new Error('Portal is terminated');
|
|
40
|
-
|
|
41
|
-
throw new Error('Portal is in safe state - artifact revoked');
|
|
41
|
+
// SAFE_STATE allows continued measurement for logging
|
|
42
42
|
const empty = { currentBytesHash: '', currentMetaHash: '',
|
|
43
43
|
expectedBytesHash: this.artifact.subject_identifier.bytes_hash,
|
|
44
44
|
expectedMetaHash: this.artifact.subject_identifier.metadata_hash };
|
|
45
|
-
//
|
|
45
|
+
// Graceful degradation: TTL expiry -> SAFE_STATE + DEGRADATION event + continued logging
|
|
46
46
|
const ttl_ok = !isExpired(this.artifact.issued_timestamp, this.artifact.enforcement_parameters.ttl_seconds);
|
|
47
47
|
if (!ttl_ok) {
|
|
48
|
-
this.state
|
|
49
|
-
|
|
48
|
+
const prevState = this.state;
|
|
49
|
+
this.state = 'SAFE_STATE';
|
|
50
|
+
this.degradationLog.push({
|
|
51
|
+
reason: 'TTL_EXPIRED',
|
|
52
|
+
timestamp: utcNow(),
|
|
53
|
+
artifact_reference: this.artifact.sealed_hash,
|
|
54
|
+
previous_state: prevState,
|
|
55
|
+
});
|
|
56
|
+
return { match: false, ttl_ok: false, revoked: false, degraded: true, ...empty };
|
|
50
57
|
}
|
|
51
58
|
// Fail-closed: revocation check
|
|
52
59
|
if (this.revocations.has(this.artifact.sealed_hash)) {
|
|
@@ -69,10 +76,8 @@ export class Portal {
|
|
|
69
76
|
throw new Error(`Cannot enforce in state ${this.state}`);
|
|
70
77
|
switch (action) {
|
|
71
78
|
case 'TERMINATE':
|
|
72
|
-
this.state = 'TERMINATED';
|
|
73
|
-
break;
|
|
74
79
|
case 'SAFE_STATE':
|
|
75
|
-
this.state = '
|
|
80
|
+
this.state = 'TERMINATED';
|
|
76
81
|
break;
|
|
77
82
|
case 'QUARANTINE':
|
|
78
83
|
this.state = 'PHANTOM_QUARANTINE';
|
|
@@ -83,11 +88,10 @@ export class Portal {
|
|
|
83
88
|
default: break;
|
|
84
89
|
}
|
|
85
90
|
}
|
|
86
|
-
revoke(sealedHash
|
|
91
|
+
revoke(sealedHash) {
|
|
87
92
|
this.revocations.add(sealedHash);
|
|
88
|
-
if (this.artifact?.sealed_hash === sealedHash)
|
|
89
|
-
this.state =
|
|
90
|
-
}
|
|
93
|
+
if (this.artifact?.sealed_hash === sealedHash)
|
|
94
|
+
this.state = 'TERMINATED';
|
|
91
95
|
}
|
|
92
96
|
isRevoked(sealedHash) { return this.revocations.has(sealedHash); }
|
|
93
97
|
reset() {
|
package/dist/core/portal.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAuB1E,MAAM,OAAO,MAAM;IACjB,KAAK,GAAgB,gBAAgB,CAAC;IACtC,QAAQ,GAA0B,IAAI,CAAC;IACvC,eAAe,GAAG,CAAC,CAAC;IACpB,YAAY,GAAmB,IAAI,CAAC;IACpC,WAAW,GAAgB,IAAI,GAAG,EAAE,CAAC;IACrC,cAAc,GAAuB,EAAE,CAAC;IAExC,YAAY,CAAC,QAAwB,EAAE,WAAmB;QACxD,IAAI,CAAC,KAAK,GAAG,uBAAuB,CAAC;QACrC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,mBAAmB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3F,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,OAAO,CAAC,YAAwB,EAAE,IAAqB;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzE,sDAAsD;QACtD,MAAM,KAAK,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE;YACvD,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;QAErE,yFAAyF;QACzF,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC5G,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC;YAC7B,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAC1B,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;gBACvB,MAAM,EAAE,aAAa;gBACrB,SAAS,EAAE,MAAM,EAAE;gBACnB,kBAAkB,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;gBAC7C,cAAc,EAAE,SAAS;aAC1B,CAAC,CAAC;YACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;QACnF,CAAC;QAED,gCAAgC;QAChC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAChE,eAAe,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QAEjF,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,mBAAmB;YAAE,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAChF,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,eAAe;YAC/C,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa;YAChE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,MAAyB;QAC/B,IAAI,IAAI,CAAC,KAAK,KAAK,gBAAgB;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9F,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,WAAW,CAAC;YAAC,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACtE,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,oBAAoB,CAAC;gBAAC,MAAM;YAC5D,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;gBAAC,MAAM;YAC3D,OAAO,CAAC,CAAC,MAAM;QACjB,CAAC;IACH,CAAC;IAED,MAAM,CAAC,UAAkB;QACvB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,QAAQ,EAAE,WAAW,KAAK,UAAU;YAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;IAC3E,CAAC;IAED,SAAS,CAAC,UAAkB,IAAa,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAEnF,KAAK;QACH,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACpD,IAAI,CAAC,eAAe,GAAG,CAAC,CAAC;QAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACrD,CAAC;CACF"}
|
package/dist/core/types.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* V3: Aligned with NIST-2025-0035 and NCCoE AI Agent Identity filings.
|
|
3
|
-
|
|
3
|
+
*/
|
|
4
4
|
import type { HashHex, SignatureBase64, SaltHex, MerkleInclusionProof } from '../crypto/types.js';
|
|
5
5
|
export interface SubjectIdentifier {
|
|
6
6
|
bytes_hash: HashHex;
|
|
@@ -22,6 +22,13 @@ export interface EnforcementParams {
|
|
|
22
22
|
enforcement_triggers: EnforcementAction[];
|
|
23
23
|
re_attestation_required: boolean;
|
|
24
24
|
measurement_types: MeasurementType[];
|
|
25
|
+
behavioral_baseline?: BehavioralBaselineRef;
|
|
26
|
+
}
|
|
27
|
+
/** Inline behavioral baseline reference for EnforcementParams (NCCoE §6, CAISI §1a) */
|
|
28
|
+
export interface BehavioralBaselineRef {
|
|
29
|
+
permitted_tools: string[];
|
|
30
|
+
forbidden_sequences: string[][];
|
|
31
|
+
rate_limits: Record<string, number>;
|
|
25
32
|
}
|
|
26
33
|
export type Sensitivity = 'S1_LOW' | 'S2_MODERATE' | 'S3_HIGH' | 'S4_CRITICAL';
|
|
27
34
|
export type DisclosureMode = 'PROOF_ONLY' | 'REVEAL_MIN' | 'REVEAL_FULL';
|
|
@@ -78,7 +85,7 @@ export interface SignedReceipt {
|
|
|
78
85
|
previous_leaf_hash: HashHex | null;
|
|
79
86
|
portal_signature: SignatureBase64;
|
|
80
87
|
}
|
|
81
|
-
export type EventType = 'GENESIS' | 'POLICY_ISSUANCE' | 'INTERACTION_RECEIPT' | 'REVOCATION' | 'ATTESTATION' | 'ANCHOR_BATCH' | 'DISCLOSURE' | 'SUBSTITUTION' | 'KEY_ROTATION' | 'BEHAVIORAL_DRIFT' | 'DELEGATION' | 'RE_ATTESTATION';
|
|
88
|
+
export type EventType = 'GENESIS' | 'POLICY_ISSUANCE' | 'INTERACTION_RECEIPT' | 'REVOCATION' | 'ATTESTATION' | 'ANCHOR_BATCH' | 'DISCLOSURE' | 'SUBSTITUTION' | 'KEY_ROTATION' | 'BEHAVIORAL_DRIFT' | 'DELEGATION' | 'DEGRADATION' | 'RE_ATTESTATION';
|
|
82
89
|
export interface GenesisPayload {
|
|
83
90
|
protocol_version: string;
|
|
84
91
|
taxonomy_version: string;
|
|
@@ -127,6 +134,7 @@ export interface EvidenceBundle {
|
|
|
127
134
|
checkpoint_reference: CheckpointReference;
|
|
128
135
|
public_key: string;
|
|
129
136
|
bundle_signature: SignatureBase64;
|
|
137
|
+
verification_tier?: VerificationTier;
|
|
130
138
|
}
|
|
131
139
|
export interface DisclosureRequest {
|
|
132
140
|
requested_claim_id: string;
|
|
@@ -162,5 +170,24 @@ export interface QuarantineState {
|
|
|
162
170
|
type: string;
|
|
163
171
|
data: unknown;
|
|
164
172
|
}>;
|
|
173
|
+
forensic_receipts?: string[];
|
|
174
|
+
}
|
|
175
|
+
export interface DelegationRecord {
|
|
176
|
+
sub_agent_id: string;
|
|
177
|
+
parent_artifact_reference: HashHex;
|
|
178
|
+
child_artifact: PolicyArtifact;
|
|
179
|
+
permitted_tools: string[];
|
|
180
|
+
ttl_seconds: number;
|
|
181
|
+
delegation_timestamp: string;
|
|
182
|
+
chain_sequence: number;
|
|
183
|
+
}
|
|
184
|
+
export interface KeyRotationRecord {
|
|
185
|
+
keypair_type: string;
|
|
186
|
+
old_public_key: string;
|
|
187
|
+
new_public_key: string;
|
|
188
|
+
reason: string;
|
|
189
|
+
rotation_timestamp: string;
|
|
190
|
+
chain_sequence: number;
|
|
165
191
|
}
|
|
192
|
+
export type SensitivityLevel = 'S1' | 'S2' | 'S3' | 'S4';
|
|
166
193
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/core/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;EAEE;AACF,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAIlG,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;IACrC,mBAAmB,CAAC,EAAE,qBAAqB,CAAC;CAC7C;AAED,uFAAuF;AACvF,MAAM,WAAW,qBAAqB;IACpC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,mBAAmB,EAAE,MAAM,EAAE,EAAE,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,GACd,kBAAkB,GAClB,YAAY,GACZ,aAAa,GACb,gBAAgB,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAID,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;IACtC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;IAClC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;CACtC;AAID,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,GACZ,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAM5D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAC3E,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAID,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,yBAAyB,EAAE,OAAO,CAAC;IACnC,cAAc,EAAE,cAAc,CAAC;IAC/B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,MAAM,gBAAgB,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC"}
|
package/dist/crypto/index.d.ts
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
|
-
export
|
|
2
|
-
export
|
|
3
|
-
export
|
|
4
|
-
export
|
|
5
|
-
export
|
|
6
|
-
export { keyFingerprint, isKeyValid, rotateKeyPair } from './keys.js';
|
|
1
|
+
export * from './types.js';
|
|
2
|
+
export * from './hash.js';
|
|
3
|
+
export * from './sign.js';
|
|
4
|
+
export * from './salt.js';
|
|
5
|
+
export * from './merkle.js';
|
|
7
6
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC"}
|
package/dist/crypto/index.js
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
|
-
export
|
|
2
|
-
export
|
|
3
|
-
export
|
|
4
|
-
export
|
|
5
|
-
export
|
|
6
|
-
export { keyFingerprint, isKeyValid, rotateKeyPair } from './keys.js';
|
|
1
|
+
export * from './types.js';
|
|
2
|
+
export * from './hash.js';
|
|
3
|
+
export * from './sign.js';
|
|
4
|
+
export * from './salt.js';
|
|
5
|
+
export * from './merkle.js';
|
|
7
6
|
//# sourceMappingURL=index.js.map
|
package/dist/crypto/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC"}
|
package/dist/crypto/sign.d.ts
CHANGED
|
@@ -8,4 +8,6 @@ export declare const sigToB64: (s: Signature) => SignatureBase64;
|
|
|
8
8
|
export declare const b64ToSig: (b: SignatureBase64) => Signature;
|
|
9
9
|
export declare const pkToHex: (pk: Uint8Array) => string;
|
|
10
10
|
export declare const hexToPk: (h: string) => Uint8Array;
|
|
11
|
+
/** Key fingerprint: SHA-256 prefix of public key hex, 16-char hex identifier. */
|
|
12
|
+
export declare function keyFingerprint(publicKeyHex: string): string;
|
|
11
13
|
//# sourceMappingURL=sign.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../../src/crypto/sign.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../../src/crypto/sign.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAatE,wBAAgB,eAAe,IAAI,OAAO,CAGzC;AAED,wBAAgB,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,GAAG,SAAS,CAA6B;AAC7F,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,GAAG,SAAS,CAAsC;AAErG,wBAAgB,MAAM,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,GAAG,OAAO,CAE/E;AACD,wBAAgB,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,GAAG,OAAO,CAE9E;AAED,eAAO,MAAM,QAAQ,GAAI,GAAG,SAAS,KAAG,eAAoD,CAAC;AAC7F,eAAO,MAAM,QAAQ,GAAI,GAAG,eAAe,KAAG,SAAqD,CAAC;AACpG,eAAO,MAAM,OAAO,GAAI,IAAI,UAAU,KAAG,MAAwB,CAAC;AAClE,eAAO,MAAM,OAAO,GAAI,GAAG,MAAM,KAAG,UAA2B,CAAC;AAEhE,iFAAiF;AACjF,wBAAgB,cAAc,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAG3D"}
|
package/dist/crypto/sign.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import * as ed from '@noble/ed25519';
|
|
2
|
+
import { sha256 } from '@noble/hashes/sha256';
|
|
2
3
|
import { sha512 } from '@noble/hashes/sha512';
|
|
3
4
|
import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
|
|
4
5
|
// Set sha512 sync ONCE at module load
|
|
@@ -34,4 +35,9 @@ export const sigToB64 = (s) => Buffer.from(s).toString('base64');
|
|
|
34
35
|
export const b64ToSig = (b) => new Uint8Array(Buffer.from(b, 'base64'));
|
|
35
36
|
export const pkToHex = (pk) => bytesToHex(pk);
|
|
36
37
|
export const hexToPk = (h) => hexToBytes(h);
|
|
38
|
+
/** Key fingerprint: SHA-256 prefix of public key hex, 16-char hex identifier. */
|
|
39
|
+
export function keyFingerprint(publicKeyHex) {
|
|
40
|
+
const hash = bytesToHex(sha256(new TextEncoder().encode(publicKeyHex)));
|
|
41
|
+
return hash.slice(0, 16);
|
|
42
|
+
}
|
|
37
43
|
//# sourceMappingURL=sign.js.map
|
package/dist/crypto/sign.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../../src/crypto/sign.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAG7D,sCAAsC;AACtC,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE;IACzC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAAC,CAAC;IACxD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,MAAM,UAAU,eAAe;IAC7B,MAAM,SAAS,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IAC9C,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,GAAe,EAAE,EAAc,IAAe,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;AAC7F,MAAM,UAAU,OAAO,CAAC,GAAW,EAAE,EAAc,IAAe,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;AAErG,MAAM,UAAU,MAAM,CAAC,GAAc,EAAE,GAAe,EAAE,EAAc;IACpE,IAAI,CAAC;QAAC,OAAO,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AACjE,CAAC;AACD,MAAM,UAAU,SAAS,CAAC,GAAc,EAAE,GAAW,EAAE,EAAc;IACnE,OAAO,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,CAAY,EAAmB,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC7F,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,CAAkB,EAAa,EAAE,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;AACpG,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,EAAc,EAAU,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;AAClE,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,CAAS,EAAc,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../../src/crypto/sign.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAG7D,sCAAsC;AACtC,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE;IACzC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAAC,CAAC;IACxD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,MAAM,UAAU,eAAe;IAC7B,MAAM,SAAS,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IAC9C,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,GAAe,EAAE,EAAc,IAAe,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;AAC7F,MAAM,UAAU,OAAO,CAAC,GAAW,EAAE,EAAc,IAAe,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;AAErG,MAAM,UAAU,MAAM,CAAC,GAAc,EAAE,GAAe,EAAE,EAAc;IACpE,IAAI,CAAC;QAAC,OAAO,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AACjE,CAAC;AACD,MAAM,UAAU,SAAS,CAAC,GAAc,EAAE,GAAW,EAAE,EAAc;IACnE,OAAO,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,CAAY,EAAmB,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC7F,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,CAAkB,EAAa,EAAE,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;AACpG,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,EAAc,EAAU,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;AAClE,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,CAAS,EAAc,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAEhE,iFAAiF;AACjF,MAAM,UAAU,cAAc,CAAC,YAAoB;IACjD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC3B,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -5,7 +5,7 @@ async function main() {
|
|
|
5
5
|
const server = await createAGAServer();
|
|
6
6
|
const transport = new StdioServerTransport();
|
|
7
7
|
await server.connect(transport);
|
|
8
|
-
console.error('AGA MCP Server
|
|
8
|
+
console.error('AGA MCP Server running on stdio');
|
|
9
9
|
}
|
|
10
10
|
main().catch(e => { console.error('Fatal:', e); process.exit(1); });
|
|
11
11
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;AACnD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC"}
|
|
@@ -1,9 +1,15 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Governance Middleware
|
|
2
|
+
* Governance Middleware - wraps every MCP tool handler.
|
|
3
3
|
*
|
|
4
4
|
* NCCoE filing Section 4: "The portal operates as a Policy Enforcement Point (PEP)...
|
|
5
5
|
* Every tool invocation, API call, actuator command, and data access passes through
|
|
6
6
|
* the portal, which evaluates it against the sealed artifact's enforcement parameters."
|
|
7
|
+
*
|
|
8
|
+
* Behavior:
|
|
9
|
+
* - TERMINATED state → reject all governed tools
|
|
10
|
+
* - PHANTOM_QUARANTINE → capture tool call as forensic input, reject
|
|
11
|
+
* - ACTIVE_MONITORING → allow, log to chain
|
|
12
|
+
* - Ungoverned tools (get_server_info, get_portal_state, list_claims) → always allow
|
|
7
13
|
*/
|
|
8
14
|
import type { Portal } from '../core/portal.js';
|
|
9
15
|
import type { QuarantineState } from '../core/types.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAI/D,MAAM,MAAM,UAAU,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE,CAAC;AAC5E,MAAM,MAAM,WAAW,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;AAapE,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE;IAAE,OAAO,EAAE,eAAe,GAAG,IAAI,CAAA;CAAE,EAC/C,QAAQ,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,iBAAiB,IAIT,CAAC,EAAE,SAAS,WAAW,CAAC,CAAC,CAAC,KAAG,WAAW,CAAC,CAAC,CAAC,CAoDxE"}
|
|
@@ -2,13 +2,14 @@ import { captureInput } from '../core/quarantine.js';
|
|
|
2
2
|
import { sha256Str } from '../crypto/hash.js';
|
|
3
3
|
import { canonicalize } from '../utils/canonical.js';
|
|
4
4
|
const UNGOVERNED_TOOLS = new Set([
|
|
5
|
-
|
|
6
|
-
'
|
|
7
|
-
'
|
|
8
|
-
|
|
9
|
-
'
|
|
10
|
-
'
|
|
11
|
-
'
|
|
5
|
+
'get_server_info',
|
|
6
|
+
'get_portal_state',
|
|
7
|
+
'get_receipts',
|
|
8
|
+
'get_chain_events',
|
|
9
|
+
'list_claims',
|
|
10
|
+
'init_chain', // must work before attestation
|
|
11
|
+
'attest_subject', // creates the governance relationship
|
|
12
|
+
'verify_chain', // read-only verification
|
|
12
13
|
]);
|
|
13
14
|
export function createGovernanceWrapper(portal, quarantine, toolName, behavioralMonitor) {
|
|
14
15
|
const isGoverned = !UNGOVERNED_TOOLS.has(toolName);
|
|
@@ -19,17 +20,21 @@ export function createGovernanceWrapper(portal, quarantine, toolName, behavioral
|
|
|
19
20
|
const j = (x) => ({
|
|
20
21
|
content: [{ type: 'text', text: JSON.stringify(x, null, 2) }]
|
|
21
22
|
});
|
|
22
|
-
|
|
23
|
+
// TERMINATED → reject everything
|
|
24
|
+
if (portal.state === 'TERMINATED') {
|
|
23
25
|
return j({
|
|
24
26
|
success: false,
|
|
25
|
-
error:
|
|
27
|
+
error: 'GOVERNANCE_BLOCKED: Portal is terminated. Agent governance has been revoked. Re-attestation required.',
|
|
26
28
|
portal_state: portal.state,
|
|
27
29
|
tool: toolName,
|
|
28
30
|
});
|
|
29
31
|
}
|
|
32
|
+
// PHANTOM_QUARANTINE → capture as forensic input, reject
|
|
30
33
|
if (portal.state === 'PHANTOM_QUARANTINE' && quarantine.current?.active) {
|
|
31
34
|
captureInput(quarantine.current, `tool_call:${toolName}`, {
|
|
32
|
-
tool: toolName,
|
|
35
|
+
tool: toolName,
|
|
36
|
+
args,
|
|
37
|
+
timestamp: new Date().toISOString(),
|
|
33
38
|
});
|
|
34
39
|
return j({
|
|
35
40
|
success: false,
|
|
@@ -39,14 +44,16 @@ export function createGovernanceWrapper(portal, quarantine, toolName, behavioral
|
|
|
39
44
|
forensic_capture: true,
|
|
40
45
|
});
|
|
41
46
|
}
|
|
47
|
+
// INITIALIZATION or ARTIFACT_VERIFICATION → not yet governed
|
|
42
48
|
if (portal.state === 'INITIALIZATION' || portal.state === 'ARTIFACT_VERIFICATION') {
|
|
43
49
|
return j({
|
|
44
50
|
success: false,
|
|
45
|
-
error: 'GOVERNANCE_NOT_READY: No active policy artifact. Call
|
|
51
|
+
error: 'GOVERNANCE_NOT_READY: No active policy artifact. Call attest_subject first.',
|
|
46
52
|
portal_state: portal.state,
|
|
47
53
|
tool: toolName,
|
|
48
54
|
});
|
|
49
55
|
}
|
|
56
|
+
// ACTIVE_MONITORING or DRIFT_DETECTED → record + allow through
|
|
50
57
|
if (behavioralMonitor) {
|
|
51
58
|
const argsHash = sha256Str(canonicalize(args));
|
|
52
59
|
behavioralMonitor.recordInvocation(toolName, argsHash);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAKrD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,iBAAiB;IACjB,kBAAkB;IAClB,cAAc;IACd,kBAAkB;IAClB,aAAa;IACb,YAAY,EAAS,+BAA+B;IACpD,gBAAgB,EAAK,sCAAsC;IAC3D,cAAc,EAAO,yBAAyB;CAC/C,CAAC,CAAC;AAEH,MAAM,UAAU,uBAAuB,CACrC,MAAc,EACd,UAA+C,EAC/C,QAAgB,EAChB,iBAAqC;IAErC,MAAM,UAAU,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAEnD,OAAO,SAAS,WAAW,CAAI,OAAuB;QACpD,IAAI,CAAC,UAAU;YAAE,OAAO,OAAO,CAAC;QAEhC,OAAO,KAAK,EAAE,IAAO,EAAuB,EAAE;YAC5C,MAAM,CAAC,GAAG,CAAC,CAAU,EAAc,EAAE,CAAC,CAAC;gBACrC,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aAC9D,CAAC,CAAC;YAEH,iCAAiC;YACjC,IAAI,MAAM,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;gBAClC,OAAO,CAAC,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,uGAAuG;oBAC9G,YAAY,EAAE,MAAM,CAAC,KAAK;oBAC1B,IAAI,EAAE,QAAQ;iBACf,CAAC,CAAC;YACL,CAAC;YAED,yDAAyD;YACzD,IAAI,MAAM,CAAC,KAAK,KAAK,oBAAoB,IAAI,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;gBACxE,YAAY,CAAC,UAAU,CAAC,OAAO,EAAE,aAAa,QAAQ,EAAE,EAAE;oBACxD,IAAI,EAAE,QAAQ;oBACd,IAAI;oBACJ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,mIAAmI;oBAC1I,YAAY,EAAE,MAAM,CAAC,KAAK;oBAC1B,IAAI,EAAE,QAAQ;oBACd,gBAAgB,EAAE,IAAI;iBACvB,CAAC,CAAC;YACL,CAAC;YAED,6DAA6D;YAC7D,IAAI,MAAM,CAAC,KAAK,KAAK,gBAAgB,IAAI,MAAM,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;gBAClF,OAAO,CAAC,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,6EAA6E;oBACpF,YAAY,EAAE,MAAM,CAAC,KAAK;oBAC1B,IAAI,EAAE,QAAQ;iBACf,CAAC,CAAC;YACL,CAAC;YAED,+DAA+D;YAC/D,IAAI,iBAAiB,EAAE,CAAC;gBACtB,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC/C,iBAAiB,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACzD,CAAC;YACD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/server.d.ts
CHANGED
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* AGA MCP Server
|
|
2
|
+
* AGA MCP Server. The Portal (ref 150) as an MCP service.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
4
|
+
* V3 NIST-aligned behaviors:
|
|
5
|
+
* 1. Every measurement generates a receipt (match OR mismatch)
|
|
6
|
+
* 2. TTL checked on every measurement (fail-closed)
|
|
7
|
+
* 3. Mid-session revocation via revoke_artifact tool
|
|
8
|
+
* 4. Governance middleware: portal state checked before tool execution
|
|
9
|
+
* 5. Auto-chaining: every operation writes to continuity chain
|
|
6
10
|
*/
|
|
7
11
|
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
8
12
|
export declare function createAGAServer(): Promise<McpServer>;
|
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAiDpE,wBAAsB,eAAe,IAAI,OAAO,CAAC,SAAS,CAAC,CAuX1D"}
|