@attested-intelligence/aga-mcp-server 2.1.0 → 2.2.1
- package/README.md +209 -124
- package/dist/adapters/openclaw.d.ts +0 -1
- package/dist/adapters/openclaw.d.ts.map +1 -1
- package/dist/adapters/openclaw.js +0 -1
- package/dist/adapters/openclaw.js.map +1 -1
- package/dist/core/bundle.d.ts +9 -2
- package/dist/core/bundle.d.ts.map +1 -1
- package/dist/core/bundle.js +16 -2
- package/dist/core/bundle.js.map +1 -1
- package/dist/core/identity.d.ts +19 -10
- package/dist/core/identity.d.ts.map +1 -1
- package/dist/core/identity.js +45 -11
- package/dist/core/identity.js.map +1 -1
- package/dist/core/portal.d.ts +10 -1
- package/dist/core/portal.d.ts.map +1 -1
- package/dist/core/portal.js +16 -12
- package/dist/core/portal.js.map +1 -1
- package/dist/core/types.d.ts +29 -2
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/index.d.ts +5 -6
- package/dist/crypto/index.d.ts.map +1 -1
- package/dist/crypto/index.js +5 -6
- package/dist/crypto/index.js.map +1 -1
- package/dist/crypto/sign.d.ts +2 -0
- package/dist/crypto/sign.d.ts.map +1 -1
- package/dist/crypto/sign.js +6 -0
- package/dist/crypto/sign.js.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware/governance.d.ts +7 -1
- package/dist/middleware/governance.d.ts.map +1 -1
- package/dist/middleware/governance.js +18 -11
- package/dist/middleware/governance.js.map +1 -1
- package/dist/proxy/evaluator.d.ts +0 -1
- package/dist/proxy/evaluator.d.ts.map +1 -1
- package/dist/proxy/evaluator.js +0 -1
- package/dist/proxy/evaluator.js.map +1 -1
- package/dist/proxy/index.d.ts +0 -1
- package/dist/proxy/index.d.ts.map +1 -1
- package/dist/proxy/index.js +0 -1
- package/dist/proxy/index.js.map +1 -1
- package/dist/proxy/profiles.d.ts +0 -1
- package/dist/proxy/profiles.d.ts.map +1 -1
- package/dist/proxy/profiles.js +0 -1
- package/dist/proxy/profiles.js.map +1 -1
- package/dist/proxy/server.d.ts +0 -1
- package/dist/proxy/server.d.ts.map +1 -1
- package/dist/proxy/server.js +0 -1
- package/dist/proxy/server.js.map +1 -1
- package/dist/proxy/stdio-bridge.d.ts +0 -1
- package/dist/proxy/stdio-bridge.d.ts.map +1 -1
- package/dist/proxy/stdio-bridge.js +0 -1
- package/dist/proxy/stdio-bridge.js.map +1 -1
- package/dist/proxy/types.d.ts +0 -1
- package/dist/proxy/types.d.ts.map +1 -1
- package/dist/proxy/types.js +0 -1
- package/dist/proxy/types.js.map +1 -1
- package/dist/proxy/verify.d.ts +0 -1
- package/dist/proxy/verify.d.ts.map +1 -1
- package/dist/proxy/verify.js +0 -1
- package/dist/proxy/verify.js.map +1 -1
- package/dist/server.d.ts +7 -3
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +342 -214
- package/dist/server.js.map +1 -1
- package/dist/storage/sqlite.js +6 -6
- package/package.json +28 -12
- package/dist/context.d.ts +0 -39
- package/dist/context.d.ts.map +0 -1
- package/dist/context.js +0 -113
- package/dist/context.js.map +0 -1
- package/dist/core/measurement.d.ts +0 -16
- package/dist/core/measurement.d.ts.map +0 -1
- package/dist/core/measurement.js +0 -18
- package/dist/core/measurement.js.map +0 -1
- package/dist/crypto/canonicalize.d.ts +0 -7
- package/dist/crypto/canonicalize.d.ts.map +0 -1
- package/dist/crypto/canonicalize.js +0 -21
- package/dist/crypto/canonicalize.js.map +0 -1
- package/dist/crypto/keys.d.ts +0 -10
- package/dist/crypto/keys.d.ts.map +0 -1
- package/dist/crypto/keys.js +0 -19
- package/dist/crypto/keys.js.map +0 -1
- package/dist/prompts/drift-analysis.d.ts +0 -13
- package/dist/prompts/drift-analysis.d.ts.map +0 -1
- package/dist/prompts/drift-analysis.js +0 -43
- package/dist/prompts/drift-analysis.js.map +0 -1
- package/dist/prompts/governance-report.d.ts +0 -7
- package/dist/prompts/governance-report.d.ts.map +0 -1
- package/dist/prompts/governance-report.js +0 -26
- package/dist/prompts/governance-report.js.map +0 -1
- package/dist/prompts/nccoe-demo.d.ts +0 -14
- package/dist/prompts/nccoe-demo.d.ts.map +0 -1
- package/dist/prompts/nccoe-demo.js +0 -47
- package/dist/prompts/nccoe-demo.js.map +0 -1
- package/dist/resources/cosai-mapping.d.ts +0 -24
- package/dist/resources/cosai-mapping.d.ts.map +0 -1
- package/dist/resources/cosai-mapping.js +0 -127
- package/dist/resources/cosai-mapping.js.map +0 -1
- package/dist/resources/crypto-primitives.d.ts +0 -3
- package/dist/resources/crypto-primitives.d.ts.map +0 -1
- package/dist/resources/crypto-primitives.js +0 -52
- package/dist/resources/crypto-primitives.js.map +0 -1
- package/dist/resources/sample-bundle.d.ts +0 -6
- package/dist/resources/sample-bundle.d.ts.map +0 -1
- package/dist/resources/sample-bundle.js +0 -58
- package/dist/resources/sample-bundle.js.map +0 -1
- package/dist/resources/specification.d.ts +0 -3
- package/dist/resources/specification.d.ts.map +0 -1
- package/dist/resources/specification.js +0 -161
- package/dist/resources/specification.js.map +0 -1
- package/dist/tools/create-artifact.d.ts +0 -25
- package/dist/tools/create-artifact.d.ts.map +0 -1
- package/dist/tools/create-artifact.js +0 -85
- package/dist/tools/create-artifact.js.map +0 -1
- package/dist/tools/delegate-subagent.d.ts +0 -18
- package/dist/tools/delegate-subagent.d.ts.map +0 -1
- package/dist/tools/delegate-subagent.js +0 -50
- package/dist/tools/delegate-subagent.js.map +0 -1
- package/dist/tools/disclose-claim.d.ts +0 -14
- package/dist/tools/disclose-claim.d.ts.map +0 -1
- package/dist/tools/disclose-claim.js +0 -23
- package/dist/tools/disclose-claim.js.map +0 -1
- package/dist/tools/export-bundle.d.ts +0 -8
- package/dist/tools/export-bundle.d.ts.map +0 -1
- package/dist/tools/export-bundle.js +0 -25
- package/dist/tools/export-bundle.js.map +0 -1
- package/dist/tools/full-lifecycle.d.ts +0 -16
- package/dist/tools/full-lifecycle.d.ts.map +0 -1
- package/dist/tools/full-lifecycle.js +0 -121
- package/dist/tools/full-lifecycle.js.map +0 -1
- package/dist/tools/generate-receipt.d.ts +0 -16
- package/dist/tools/generate-receipt.d.ts.map +0 -1
- package/dist/tools/generate-receipt.js +0 -31
- package/dist/tools/generate-receipt.js.map +0 -1
- package/dist/tools/get-chain.d.ts +0 -14
- package/dist/tools/get-chain.d.ts.map +0 -1
- package/dist/tools/get-chain.js +0 -45
- package/dist/tools/get-chain.js.map +0 -1
- package/dist/tools/get-portal-state.d.ts +0 -8
- package/dist/tools/get-portal-state.d.ts.map +0 -1
- package/dist/tools/get-portal-state.js +0 -15
- package/dist/tools/get-portal-state.js.map +0 -1
- package/dist/tools/init-chain.d.ts +0 -10
- package/dist/tools/init-chain.d.ts.map +0 -1
- package/dist/tools/init-chain.js +0 -13
- package/dist/tools/init-chain.js.map +0 -1
- package/dist/tools/measure-behavior.d.ts +0 -12
- package/dist/tools/measure-behavior.d.ts.map +0 -1
- package/dist/tools/measure-behavior.js +0 -29
- package/dist/tools/measure-behavior.js.map +0 -1
- package/dist/tools/measure-subject.d.ts +0 -15
- package/dist/tools/measure-subject.d.ts.map +0 -1
- package/dist/tools/measure-subject.js +0 -106
- package/dist/tools/measure-subject.js.map +0 -1
- package/dist/tools/quarantine-status.d.ts +0 -8
- package/dist/tools/quarantine-status.d.ts.map +0 -1
- package/dist/tools/quarantine-status.js +0 -16
- package/dist/tools/quarantine-status.js.map +0 -1
- package/dist/tools/revoke-artifact.d.ts +0 -13
- package/dist/tools/revoke-artifact.d.ts.map +0 -1
- package/dist/tools/revoke-artifact.js +0 -24
- package/dist/tools/revoke-artifact.js.map +0 -1
- package/dist/tools/rotate-keys.d.ts +0 -13
- package/dist/tools/rotate-keys.d.ts.map +0 -1
- package/dist/tools/rotate-keys.js +0 -39
- package/dist/tools/rotate-keys.js.map +0 -1
- package/dist/tools/server-info.d.ts +0 -8
- package/dist/tools/server-info.d.ts.map +0 -1
- package/dist/tools/server-info.js +0 -23
- package/dist/tools/server-info.js.map +0 -1
- package/dist/tools/set-verification-tier.d.ts +0 -11
- package/dist/tools/set-verification-tier.d.ts.map +0 -1
- package/dist/tools/set-verification-tier.js +0 -31
- package/dist/tools/set-verification-tier.js.map +0 -1
- package/dist/tools/start-monitoring.d.ts +0 -12
- package/dist/tools/start-monitoring.d.ts.map +0 -1
- package/dist/tools/start-monitoring.js +0 -17
- package/dist/tools/start-monitoring.js.map +0 -1
- package/dist/tools/trigger-measurement.d.ts +0 -15
- package/dist/tools/trigger-measurement.d.ts.map +0 -1
- package/dist/tools/trigger-measurement.js +0 -86
- package/dist/tools/trigger-measurement.js.map +0 -1
- package/dist/tools/verify-artifact.d.ts +0 -13
- package/dist/tools/verify-artifact.d.ts.map +0 -1
- package/dist/tools/verify-artifact.js +0 -6
- package/dist/tools/verify-artifact.js.map +0 -1
- package/dist/tools/verify-bundle.d.ts +0 -13
- package/dist/tools/verify-bundle.d.ts.map +0 -1
- package/dist/tools/verify-bundle.js +0 -6
- package/dist/tools/verify-bundle.js.map +0 -1
- package/dist/types.d.ts +0 -261
- package/dist/types.d.ts.map +0 -1
- package/dist/types.js +0 -8
- package/dist/types.js.map +0 -1
|
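--- a/package/dist/tools/measure-behavior.d.ts
+++ b/package/dist/tools/measure-behavior.d.ts
@@ -1,12 +0,0 @@
-import type { ServerContext } from '../context.js';
-export interface MeasureBehaviorArgs {
-tool_name?: string;
-record_only?: boolean;
-}
-export declare function handleMeasureBehavior(args: MeasureBehaviorArgs, ctx: ServerContext): Promise<{
-content: Array<{
-type: "text";
-text: string;
-}>;
-}>;
-//# sourceMappingURL=measure-behavior.d.ts.map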
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"measure-behavior.d.ts","sourceRoot":"","sources":["../../src/tools/measure-behavior.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,wBAAsB,qBAAqB,CAAC,IAAI,EAAE,mBAAmB,EAAE,GAAG,EAAE,aAAa;;;;;GA4BxF"}
|
|
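--- a/package/dist/tools/measure-behavior.js
+++ b/package/dist/tools/measure-behavior.js
@@ -1,29 +0,0 @@
-import { sha256Str } from '../crypto/hash.js';
-export async function handleMeasureBehavior(args, ctx) {
-// If a tool_name is provided, record the invocation first
-if (args.tool_name) {
-ctx.behavioralMonitor.recordInvocation(args.tool_name, sha256Str(args.tool_name));
-}
-// If record_only, just acknowledge the recording
-if (args.record_only) {
-return ctx.json({
-success: true,
-recorded: args.tool_name,
-record_only: true,
-});
-}
-// Measure behavioral patterns
-const measurement = ctx.behavioralMonitor.measure();
-if (measurement.drift_detected) {
-await ctx.appendToChain('BEHAVIORAL_DRIFT', {
-violations: measurement.violations,
-behavioral_hash: measurement.behavioral_hash,
-});
-}
-return ctx.json({
-success: true,
-...measurement,
-violation_count: measurement.violations.length,
-});
-}
-//# sourceMappingURL=measure-behavior.js.map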
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"measure-behavior.js","sourceRoot":"","sources":["../../src/tools/measure-behavior.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAQ9C,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAAyB,EAAE,GAAkB;IACvF,0DAA0D;IAC1D,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,GAAG,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACpF,CAAC;IAED,iDAAiD;IACjD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,OAAO,GAAG,CAAC,IAAI,CAAC;YACd,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,MAAM,WAAW,GAAG,GAAG,CAAC,iBAAiB,CAAC,OAAO,EAAE,CAAC;IACpD,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;QAC/B,MAAM,GAAG,CAAC,aAAa,CAAC,kBAAkB,EAAE;YAC1C,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,eAAe,EAAE,WAAW,CAAC,eAAe;SAC7C,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,GAAG,WAAW;QACd,eAAe,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;KAC/C,CAAC,CAAC;AACL,CAAC"}
|
|
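--- a/package/dist/tools/measure-subject.d.ts
+++ b/package/dist/tools/measure-subject.d.ts
@@ -1,15 +0,0 @@
-import type { ServerContext } from '../context.js';
-import type { SubjectMetadata } from '../core/types.js';
-export interface MeasureSubjectArgs {
-subject_content?: string;
-subject_bytes_hash?: string;
-subject_metadata_hash?: string;
-subject_metadata?: SubjectMetadata;
-}
-export declare function handleMeasureSubject(args: MeasureSubjectArgs, ctx: ServerContext): Promise<{
-content: Array<{
-type: "text";
-text: string;
-}>;
-}>;
-//# sourceMappingURL=measure-subject.d.ts.map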
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"measure-subject.d.ts","sourceRoot":"","sources":["../../src/tools/measure-subject.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,eAAe,EAAqB,MAAM,kBAAkB,CAAC;AAE3E,MAAM,WAAW,kBAAkB;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,aAAa;;;;;GA0GtF"}
|
|
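--- a/package/dist/tools/measure-subject.js
+++ b/package/dist/tools/measure-subject.js
@@ -1,106 +0,0 @@
-import { hashArtifact } from '../core/artifact.js';
-import { generateReceipt } from '../core/receipt.js';
-import { initQuarantine } from '../core/quarantine.js';
-export async function handleMeasureSubject(args, ctx) {
-if (!ctx.portal.artifact)
-return ctx.error('No artifact loaded. Call aga_create_artifact first.');
-if (ctx.portal.state === 'TERMINATED')
-return ctx.error('Portal is terminated. Re-attest required.');
-if (ctx.portal.state === 'SAFE_STATE')
-return ctx.error('Portal is in safe state. Re-attest required.');
-let currentBytesHash;
-let currentMetaHash;
-let match;
-if (args.subject_bytes_hash) {
-// Pre-computed hash mode
-currentBytesHash = args.subject_bytes_hash;
-currentMetaHash = args.subject_metadata_hash ?? ctx.portal.artifact.subject_identifier.metadata_hash;
-match = currentBytesHash === ctx.portal.artifact.subject_identifier.bytes_hash &&
-currentMetaHash === ctx.portal.artifact.subject_identifier.metadata_hash;
-if (!match && ctx.portal.state === 'ACTIVE_MONITORING') {
-ctx.portal.state = 'DRIFT_DETECTED';
-}
-}
-else if (args.subject_content) {
-// Content mode - use portal.measure()
-const result = ctx.portal.measure(new TextEncoder().encode(args.subject_content), args.subject_metadata ?? {});
-currentBytesHash = result.currentBytesHash;
-currentMetaHash = result.currentMetaHash;
-match = result.match;
-if (!result.ttl_ok) {
-ctx.measurementCount++;
-const receipt = generateReceipt({
-subjectId: ctx.portal.artifact.subject_identifier, artifactRef: hashArtifact(ctx.portal.artifact),
-currentHash: 'UNAVAILABLE', sealedHash: `${result.expectedBytesHash}||${result.expectedMetaHash}`,
-driftDetected: true, driftDescription: 'TTL expired - fail-closed termination', action: 'TERMINATE',
-measurementType: ctx.portal.artifact.enforcement_parameters.measurement_types.join(','),
-seq: ctx.portal.sequenceCounter + 1, prevLeaf: ctx.portal.lastLeafHash, portalKP: ctx.portalKP,
-});
-await ctx.storage.storeReceipt(receipt);
-await ctx.appendToChain('INTERACTION_RECEIPT', { receipt_id: receipt.receipt_id, drift_detected: true, enforcement_action: 'TERMINATE' });
-return ctx.json({ success: true, match: false, drift_detected: true, ttl_ok: false, revoked: false, enforcement_action: 'TERMINATE', portal_state: ctx.portal.state, receipt_id: receipt.receipt_id, measurement_count: ctx.measurementCount });
-}
-if (result.revoked) {
-ctx.measurementCount++;
-const receipt = generateReceipt({
-subjectId: ctx.portal.artifact.subject_identifier, artifactRef: hashArtifact(ctx.portal.artifact),
-currentHash: 'UNAVAILABLE', sealedHash: `${result.expectedBytesHash}||${result.expectedMetaHash}`,
-driftDetected: true, driftDescription: 'Artifact revoked - fail-closed termination', action: 'TERMINATE',
-measurementType: ctx.portal.artifact.enforcement_parameters.measurement_types.join(','),
-seq: ctx.portal.sequenceCounter + 1, prevLeaf: ctx.portal.lastLeafHash, portalKP: ctx.portalKP,
-});
-await ctx.storage.storeReceipt(receipt);
-await ctx.appendToChain('INTERACTION_RECEIPT', { receipt_id: receipt.receipt_id, drift_detected: true, enforcement_action: 'TERMINATE' });
-return ctx.json({ success: true, match: false, drift_detected: true, ttl_ok: true, revoked: true, enforcement_action: 'TERMINATE', portal_state: ctx.portal.state, receipt_id: receipt.receipt_id, measurement_count: ctx.measurementCount });
-}
-}
-else {
-return ctx.error('Provide either subject_content or subject_bytes_hash');
-}
-const artRef = hashArtifact(ctx.portal.artifact);
-const currentStr = `${currentBytesHash}||${currentMetaHash}`;
-const sealedStr = `${ctx.portal.artifact.subject_identifier.bytes_hash}||${ctx.portal.artifact.subject_identifier.metadata_hash}`;
-let action = null;
-let driftDesc = null;
-if (!match) {
-driftDesc = 'Subject modified - hash mismatch';
-action = ctx.portal.artifact.enforcement_parameters.enforcement_triggers[0] ?? 'ALERT_ONLY';
-if (ctx.portal.state === 'DRIFT_DETECTED') {
-ctx.portal.enforce(action);
-}
-if (action === 'QUARANTINE')
-ctx.quarantine = initQuarantine();
-}
-ctx.measurementCount++;
-const receipt = generateReceipt({
-subjectId: ctx.portal.artifact.subject_identifier,
-artifactRef: artRef,
-currentHash: currentStr,
-sealedHash: sealedStr,
-driftDetected: !match,
-driftDescription: driftDesc,
-action,
-measurementType: ctx.portal.artifact.enforcement_parameters.measurement_types.join(','),
-seq: ctx.portal.sequenceCounter + 1,
-prevLeaf: ctx.portal.lastLeafHash,
-portalKP: ctx.portalKP,
-});
-await ctx.storage.storeReceipt(receipt);
-await ctx.appendToChain('INTERACTION_RECEIPT', {
-receipt_id: receipt.receipt_id,
-drift_detected: !match,
-enforcement_action: action,
-});
-return ctx.json({
-success: true,
-match,
-drift_detected: !match,
-ttl_ok: true,
-revoked: false,
-enforcement_action: action,
-portal_state: ctx.portal.state,
-receipt_id: receipt.receipt_id,
-measurement_count: ctx.measurementCount,
-});
-}
-//# sourceMappingURL=measure-subject.js.map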
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"measure-subject.js","sourceRoot":"","sources":["../../src/tools/measure-subject.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAYvD,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAwB,EAAE,GAAkB;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;IAClG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,YAAY;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACrG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,YAAY;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAExG,IAAI,gBAAwB,CAAC;IAC7B,IAAI,eAAuB,CAAC;IAC5B,IAAI,KAAc,CAAC;IAEnB,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,yBAAyB;QACzB,gBAAgB,GAAG,IAAI,CAAC,kBAAkB,CAAC;QAC3C,eAAe,GAAG,IAAI,CAAC,qBAAqB,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QACrG,KAAK,GAAG,gBAAgB,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YACtE,eAAe,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QACjF,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,mBAAmB,EAAE,CAAC;YACtD,GAAG,CAAC,MAAc,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QAChC,sCAAsC;QACtC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAC/B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EAC9C,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAC5B,CAAC;QACF,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAC3C,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QACzC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,eAAe,CAAC;gBAC9B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACjG,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,iBAAiB,KAAK,MAAM,CAAC,gBAAgB,EAAE;gBACjG,aAAa,EAAE,IAAI,EAAE,gBAAgB,EAAE,uCAAuC,EAAE,MAAM,EAAE,WAAW;gBACnG,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;gBACvF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,QAA
Q;aAC/F,CAAC,CAAC;YACH,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,kBAAkB,EAAE,WAAW,EAAE,CAAC,CAAC;YAC1I,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,iBAAiB,EAAE,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAClP,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,eAAe,CAAC;gBAC9B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACjG,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,iBAAiB,KAAK,MAAM,CAAC,gBAAgB,EAAE;gBACjG,aAAa,EAAE,IAAI,EAAE,gBAAgB,EAAE,4CAA4C,EAAE,MAAM,EAAE,WAAW;gBACxG,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;gBACvF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ;aAC/F,CAAC,CAAC;YACH,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,kBAAkB,EAAE,WAAW,EAAE,CAAC,CAAC;YAC1I,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,iBAAiB,EAAE,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAChP,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,GAAG,gBAAgB,KAAK,eAAe,EAAE,CAAC;IAC7D,MAAM,SAAS,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAElI,IAAI,MAAM,GAA6B,IAAI,CAAC;IAC5C,IAAI,SAAS,GAAkB,IAAI,CAAC;IAEpC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,SAAS,GAAG,kCAAkC,CAAC;QAC/
C,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC;QAC5F,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,gBAAgB,EAAE,CAAC;YAC1C,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,MAAM,KAAK,YAAY;YAAE,GAAG,CAAC,UAAU,GAAG,cAAc,EAAE,CAAC;IACjE,CAAC;IAED,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAEvB,MAAM,OAAO,GAAG,eAAe,CAAC;QAC9B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB;QACjD,WAAW,EAAE,MAAM;QACnB,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,SAAS;QACrB,aAAa,EAAE,CAAC,KAAK;QACrB,gBAAgB,EAAE,SAAS;QAC3B,MAAM;QACN,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;QACvF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC;QACnC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY;QACjC,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACvB,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE;QAC7C,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,cAAc,EAAE,CAAC,KAAK;QACtB,kBAAkB,EAAE,MAAM;KAC3B,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,KAAK;QACL,cAAc,EAAE,CAAC,KAAK;QACtB,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,KAAK;QACd,kBAAkB,EAAE,MAAM;QAC1B,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;KACxC,CAAC,CAAC;AACL,CAAC"}
|
|
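--- a/package/dist/tools/quarantine-status.d.ts
+++ b/package/dist/tools/quarantine-status.d.ts
@@ -1,8 +0,0 @@
-import type { ServerContext } from '../context.js';
-export declare function handleQuarantineStatus(_args: Record<string, never>, ctx: ServerContext): Promise<{
-content: Array<{
-type: "text";
-text: string;
-}>;
-}>;
-//# sourceMappingURL=quarantine-status.d.ts.map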
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"quarantine-status.d.ts","sourceRoot":"","sources":["../../src/tools/quarantine-status.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,sBAAsB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,aAAa;;;;;GAe5F"}
|
|
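--- a/package/dist/tools/quarantine-status.js
+++ b/package/dist/tools/quarantine-status.js
@@ -1,16 +0,0 @@
-export async function handleQuarantineStatus(_args, ctx) {
-if (ctx.portal.state !== 'PHANTOM_QUARANTINE' && !ctx.quarantine?.active) {
-return ctx.error('Quarantine status unavailable - portal is not in quarantine state', {
-portal_state: ctx.portal.state,
-});
-}
-return ctx.json({
-quarantine_active: ctx.quarantine?.active ?? false,
-started_at: ctx.quarantine?.started_at ?? null,
-inputs_captured: ctx.quarantine?.inputs_captured ?? 0,
-outputs_severed: ctx.quarantine?.outputs_severed ?? false,
-forensic_buffer_size: ctx.quarantine?.forensic_buffer.length ?? 0,
-portal_state: ctx.portal.state,
-});
-}
-//# sourceMappingURL=quarantine-status.js.map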
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"quarantine-status.js","sourceRoot":"","sources":["../../src/tools/quarantine-status.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,KAA4B,EAAE,GAAkB;IAC3F,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,oBAAoB,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QACzE,OAAO,GAAG,CAAC,KAAK,CAAC,mEAAmE,EAAE;YACpF,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,iBAAiB,EAAE,GAAG,CAAC,UAAU,EAAE,MAAM,IAAI,KAAK;QAClD,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,UAAU,IAAI,IAAI;QAC9C,eAAe,EAAE,GAAG,CAAC,UAAU,EAAE,eAAe,IAAI,CAAC;QACrD,eAAe,EAAE,GAAG,CAAC,UAAU,EAAE,eAAe,IAAI,KAAK;QACzD,oBAAoB,EAAE,GAAG,CAAC,UAAU,EAAE,eAAe,CAAC,MAAM,IAAI,CAAC;QACjE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;KAC/B,CAAC,CAAC;AACL,CAAC"}
|
|
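--- a/package/dist/tools/revoke-artifact.d.ts
+++ b/package/dist/tools/revoke-artifact.d.ts
@@ -1,13 +0,0 @@
-import type { ServerContext } from '../context.js';
-export interface RevokeArtifactArgs {
-sealed_hash?: string;
-reason: string;
-transition_to?: 'TERMINATED' | 'SAFE_STATE';
-}
-export declare function handleRevokeArtifact(args: RevokeArtifactArgs, ctx: ServerContext): Promise<{
-content: Array<{
-type: "text";
-text: string;
-}>;
-}>;
-//# sourceMappingURL=revoke-artifact.d.ts.map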
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"revoke-artifact.d.ts","sourceRoot":"","sources":["../../src/tools/revoke-artifact.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,WAAW,kBAAkB;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,YAAY,GAAG,YAAY,CAAC;CAC7C;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,aAAa;;;;;GAsBtF"}
|
|
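--- a/package/dist/tools/revoke-artifact.js
+++ b/package/dist/tools/revoke-artifact.js
@@ -1,24 +0,0 @@
-import { pkToHex } from '../crypto/sign.js';
-import { utcNow } from '../utils/timestamp.js';
-export async function handleRevokeArtifact(args, ctx) {
-const sealedHash = args.sealed_hash ?? ctx.activeArtifact?.sealed_hash;
-if (!sealedHash)
-return ctx.error('No sealed_hash provided and no active artifact.');
-const transition = args.transition_to ?? 'TERMINATED';
-ctx.portal.revoke(sealedHash, transition);
-const record = {
-artifact_sealed_hash: sealedHash,
-reason: args.reason,
-revoked_by: pkToHex(ctx.issuerKP.publicKey),
-timestamp: utcNow(),
-};
-await ctx.appendToChain('REVOCATION', { ...record, transition_to: transition });
-return ctx.json({
-success: true,
-revoked: sealedHash,
-portal_state: ctx.portal.state,
-reason: args.reason,
-transition_to: transition,
-});
-}
-//# sourceMappingURL=revoke-artifact.js.map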
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"revoke-artifact.js","sourceRoot":"","sources":["../../src/tools/revoke-artifact.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAU/C,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAwB,EAAE,GAAkB;IACrF,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC;IACvE,IAAI,CAAC,UAAU;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;IAErF,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,IAAI,YAAY,CAAC;IACtD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAqB;QAC/B,oBAAoB,EAAE,UAAU;QAChC,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC3C,SAAS,EAAE,MAAM,EAAE;KACpB,CAAC;IACF,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,GAAG,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC,CAAC;IAEhF,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,UAAU;QACnB,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,aAAa,EAAE,UAAU;KAC1B,CAAC,CAAC;AACL,CAAC"}
|
|
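--- a/package/dist/tools/rotate-keys.d.ts
+++ b/package/dist/tools/rotate-keys.d.ts
@@ -1,13 +0,0 @@
-import type { ServerContext } from '../context.js';
-export interface RotateKeysArgs {
-key_type?: 'issuer' | 'portal' | 'chain';
-keypair?: 'issuer' | 'portal' | 'chain';
-reason?: string;
-}
-export declare function handleRotateKeys(args: RotateKeysArgs, ctx: ServerContext): Promise<{
-content: Array<{
-type: "text";
-text: string;
-}>;
-}>;
-//# sourceMappingURL=rotate-keys.d.ts.map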
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"rotate-keys.d.ts","sourceRoot":"","sources":["../../src/tools/rotate-keys.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;IACzC,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,aAAa;;;;;GAsC9E"}
|
|
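--- a/package/dist/tools/rotate-keys.js
+++ b/package/dist/tools/rotate-keys.js
@@ -1,39 +0,0 @@
-import { rotateKeys } from '../core/identity.js';
-export async function handleRotateKeys(args, ctx) {
-const keyType = args.key_type ?? args.keypair;
-if (!keyType)
-return ctx.error('Provide key_type or keypair parameter.');
-let result;
-switch (keyType) {
-case 'issuer':
-result = rotateKeys(ctx.issuerKP);
-ctx.issuerKP = result.newKeyPair;
-break;
-case 'portal':
-result = rotateKeys(ctx.portalKP);
-ctx.portalKP = result.newKeyPair;
-break;
-case 'chain':
-result = rotateKeys(ctx.chainKP);
-ctx.chainKP = result.newKeyPair;
-break;
-default:
-return ctx.error(`Invalid key_type: ${keyType}. Must be issuer, portal, or chain.`);
-}
-await ctx.appendToChain('KEY_ROTATION', {
-key_type: keyType,
-old_public_key: result.oldPublicKeyHex,
-new_public_key: result.newPublicKeyHex,
-rotated_at: result.rotatedAt,
-reason: args.reason ?? 'Key rotation',
-});
-return ctx.json({
-success: true,
-key_type: keyType,
-old_public_key: result.oldPublicKeyHex,
-new_public_key: result.newPublicKeyHex,
-rotated_at: result.rotatedAt,
-reason: args.reason,
-});
-}
-//# sourceMappingURL=rotate-keys.js.map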
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"rotate-keys.js","sourceRoot":"","sources":["../../src/tools/rotate-keys.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AASjD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAoB,EAAE,GAAkB;IAC7E,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC;IAC9C,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAEzE,IAAI,MAAM,CAAC;IACX,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,QAAQ;YACX,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACjC,GAAW,CAAC,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC;YAC1C,MAAM;QACR,KAAK,QAAQ;YACX,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACjC,GAAW,CAAC,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC;YAC1C,MAAM;QACR,KAAK,OAAO;YACV,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAChC,GAAW,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC;YACzC,MAAM;QACR;YACE,OAAO,GAAG,CAAC,KAAK,CAAC,qBAAqB,OAAO,qCAAqC,CAAC,CAAC;IACxF,CAAC;IAED,MAAM,GAAG,CAAC,aAAa,CAAC,cAAc,EAAE;QACtC,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,UAAU,EAAE,MAAM,CAAC,SAAS;QAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,cAAc;KACtC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,UAAU,EAAE,MAAM,CAAC,SAAS;QAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"server-info.d.ts","sourceRoot":"","sources":["../../src/tools/server-info.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,aAAa;;;;;GAoBtF"}
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
import { pkToHex } from '../crypto/sign.js';
|
|
2
|
-
export async function handleServerInfo(_args, ctx) {
|
|
3
|
-
return ctx.json({
|
|
4
|
-
server: 'AGA MCP Server',
|
|
5
|
-
version: '2.0.0',
|
|
6
|
-
protocol: 'Attested Governance Artifacts v2.0.0',
|
|
7
|
-
nist_references: ['NIST-2025-0035', 'NCCoE AI Agent Identity'],
|
|
8
|
-
framework_alignment: {
|
|
9
|
-
spiffe: 'SPIFFE provides workload identity (SVID); AGA binds governance to workload intent',
|
|
10
|
-
nist_sp_800_57: 'Key management aligned with SP 800-57 recommendations',
|
|
11
|
-
nist_ai_rmf: 'AI Risk Management Framework: Govern, Map, Measure, Manage',
|
|
12
|
-
},
|
|
13
|
-
issuer_public_key: pkToHex(ctx.issuerKP.publicKey),
|
|
14
|
-
portal_public_key: pkToHex(ctx.portalKP.publicKey),
|
|
15
|
-
chain_public_key: pkToHex(ctx.chainKP.publicKey),
|
|
16
|
-
chain_initialized: ctx.chainInitialized,
|
|
17
|
-
portal_state: ctx.portal.state,
|
|
18
|
-
verification_tier: ctx.verificationTier,
|
|
19
|
-
measurement_count: ctx.measurementCount,
|
|
20
|
-
uptime_ms: Date.now() - Date.parse(ctx.startTime),
|
|
21
|
-
});
|
|
22
|
-
}
|
|
23
|
-
//# sourceMappingURL=server-info.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"server-info.js","sourceRoot":"","sources":["../../src/tools/server-info.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG5C,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,KAA4B,EAAE,GAAkB;IACrF,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,MAAM,EAAE,gBAAgB;QACxB,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,sCAAsC;QAChD,eAAe,EAAE,CAAC,gBAAgB,EAAE,yBAAyB,CAAC;QAC9D,mBAAmB,EAAE;YACnB,MAAM,EAAE,mFAAmF;YAC3F,cAAc,EAAE,uDAAuD;YACvE,WAAW,EAAE,4DAA4D;SAC1E;QACD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAClD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAClD,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC;QAChD,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;KAClD,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
import type { ServerContext } from '../context.js';
|
|
2
|
-
export interface SetVerificationTierArgs {
|
|
3
|
-
tier: 'BRONZE' | 'SILVER' | 'GOLD';
|
|
4
|
-
}
|
|
5
|
-
export declare function handleSetVerificationTier(args: SetVerificationTierArgs, ctx: ServerContext): Promise<{
|
|
6
|
-
content: Array<{
|
|
7
|
-
type: "text";
|
|
8
|
-
text: string;
|
|
9
|
-
}>;
|
|
10
|
-
}>;
|
|
11
|
-
//# sourceMappingURL=set-verification-tier.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"set-verification-tier.d.ts","sourceRoot":"","sources":["../../src/tools/set-verification-tier.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;CACpC;AAiBD,wBAAsB,yBAAyB,CAAC,IAAI,EAAE,uBAAuB,EAAE,GAAG,EAAE,aAAa;;;;;GAehG"}
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
const TIER_DESCRIPTIONS = {
|
|
2
|
-
BRONZE: {
|
|
3
|
-
description: 'Cryptographic signatures only - artifact and receipt verification via Ed25519',
|
|
4
|
-
trust_assumption: 'Trust that signing keys are not compromised',
|
|
5
|
-
},
|
|
6
|
-
SILVER: {
|
|
7
|
-
description: 'Signatures plus continuity chain verification - tamper-evident event linkage',
|
|
8
|
-
trust_assumption: 'Trust the chain operator plus key integrity',
|
|
9
|
-
},
|
|
10
|
-
GOLD: {
|
|
11
|
-
description: 'Full verification with blockchain-anchored Merkle proofs - offline-verifiable evidence bundles',
|
|
12
|
-
trust_assumption: 'Minimal trust - cryptographic proof anchored to immutable external ledger',
|
|
13
|
-
},
|
|
14
|
-
};
|
|
15
|
-
export async function handleSetVerificationTier(args, ctx) {
|
|
16
|
-
const validTiers = ['BRONZE', 'SILVER', 'GOLD'];
|
|
17
|
-
if (!validTiers.includes(args.tier)) {
|
|
18
|
-
return ctx.error(`Invalid tier: ${args.tier}. Must be BRONZE, SILVER, or GOLD.`);
|
|
19
|
-
}
|
|
20
|
-
const previousTier = ctx.verificationTier;
|
|
21
|
-
ctx.verificationTier = args.tier;
|
|
22
|
-
const info = TIER_DESCRIPTIONS[args.tier];
|
|
23
|
-
return ctx.json({
|
|
24
|
-
success: true,
|
|
25
|
-
previous_tier: previousTier,
|
|
26
|
-
current_tier: ctx.verificationTier,
|
|
27
|
-
description: info.description,
|
|
28
|
-
trust_assumption: info.trust_assumption,
|
|
29
|
-
});
|
|
30
|
-
}
|
|
31
|
-
//# sourceMappingURL=set-verification-tier.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"set-verification-tier.js","sourceRoot":"","sources":["../../src/tools/set-verification-tier.ts"],"names":[],"mappings":"AAMA,MAAM,iBAAiB,GAAsE;IAC3F,MAAM,EAAE;QACN,WAAW,EAAE,+EAA+E;QAC5F,gBAAgB,EAAE,6CAA6C;KAChE;IACD,MAAM,EAAE;QACN,WAAW,EAAE,8EAA8E;QAC3F,gBAAgB,EAAE,6CAA6C;KAChE;IACD,IAAI,EAAE;QACJ,WAAW,EAAE,gGAAgG;QAC7G,gBAAgB,EAAE,2EAA2E;KAC9F;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,IAA6B,EAAE,GAAkB;IAC/F,MAAM,UAAU,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAU,CAAC;IACzD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAW,CAAC,EAAE,CAAC;QAC3C,OAAO,GAAG,CAAC,KAAK,CAAC,iBAAiB,IAAI,CAAC,IAAI,oCAAoC,CAAC,CAAC;IACnF,CAAC;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,gBAAgB,CAAC;IAC1C,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC;IACjC,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,aAAa,EAAE,YAAY;QAC3B,YAAY,EAAE,GAAG,CAAC,gBAAgB;QAClC,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;KACxC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
import type { ServerContext } from '../context.js';
|
|
2
|
-
import type { BehavioralBaseline } from '../core/behavioral.js';
|
|
3
|
-
export interface StartMonitoringArgs {
|
|
4
|
-
behavioral_baseline?: BehavioralBaseline;
|
|
5
|
-
}
|
|
6
|
-
export declare function handleStartMonitoring(args: StartMonitoringArgs, ctx: ServerContext): Promise<{
|
|
7
|
-
content: Array<{
|
|
8
|
-
type: "text";
|
|
9
|
-
text: string;
|
|
10
|
-
}>;
|
|
11
|
-
}>;
|
|
12
|
-
//# sourceMappingURL=start-monitoring.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"start-monitoring.d.ts","sourceRoot":"","sources":["../../src/tools/start-monitoring.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAEhE,MAAM,WAAW,mBAAmB;IAClC,mBAAmB,CAAC,EAAE,kBAAkB,CAAC;CAC1C;AAED,wBAAsB,qBAAqB,CAAC,IAAI,EAAE,mBAAmB,EAAE,GAAG,EAAE,aAAa;;;;;GAexF"}
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
export async function handleStartMonitoring(args, ctx) {
|
|
2
|
-
if (!ctx.portal.artifact)
|
|
3
|
-
return ctx.error('No artifact loaded. Call aga_create_artifact first.');
|
|
4
|
-
if (ctx.portal.state !== 'ACTIVE_MONITORING')
|
|
5
|
-
return ctx.error(`Cannot start monitoring in state ${ctx.portal.state}`);
|
|
6
|
-
ctx.behavioralMonitor.reset();
|
|
7
|
-
if (args.behavioral_baseline) {
|
|
8
|
-
ctx.behavioralMonitor.setBaseline(args.behavioral_baseline);
|
|
9
|
-
}
|
|
10
|
-
return ctx.json({
|
|
11
|
-
success: true,
|
|
12
|
-
portal_state: ctx.portal.state,
|
|
13
|
-
monitoring_active: true,
|
|
14
|
-
baseline_set: !!args.behavioral_baseline,
|
|
15
|
-
});
|
|
16
|
-
}
|
|
17
|
-
//# sourceMappingURL=start-monitoring.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"start-monitoring.js","sourceRoot":"","sources":["../../src/tools/start-monitoring.ts"],"names":[],"mappings":"AAOA,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAAyB,EAAE,GAAkB;IACvF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;IAClG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,mBAAmB;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,oCAAoC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IAEvH,GAAG,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;IAC9B,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC7B,GAAG,CAAC,iBAAiB,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,iBAAiB,EAAE,IAAI;QACvB,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB;KACzC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
import type { ServerContext } from '../context.js';
|
|
2
|
-
export interface TriggerMeasurementArgs {
|
|
3
|
-
subject_content?: string;
|
|
4
|
-
subject_bytes_hash?: string;
|
|
5
|
-
subject_metadata_hash?: string;
|
|
6
|
-
measurement_type?: string;
|
|
7
|
-
subject_metadata?: Record<string, string>;
|
|
8
|
-
}
|
|
9
|
-
export declare function handleTriggerMeasurement(args: TriggerMeasurementArgs, ctx: ServerContext): Promise<{
|
|
10
|
-
content: Array<{
|
|
11
|
-
type: "text";
|
|
12
|
-
text: string;
|
|
13
|
-
}>;
|
|
14
|
-
}>;
|
|
15
|
-
//# sourceMappingURL=trigger-measurement.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"trigger-measurement.d.ts","sourceRoot":"","sources":["../../src/tools/trigger-measurement.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,WAAW,sBAAsB;IACrC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C;AAED,wBAAsB,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,aAAa;;;;;GA2E9F"}
|
|
@@ -1,86 +0,0 @@
|
|
|
1
|
-
import { hashArtifact } from '../core/artifact.js';
|
|
2
|
-
import { generateReceipt } from '../core/receipt.js';
|
|
3
|
-
import { initQuarantine } from '../core/quarantine.js';
|
|
4
|
-
export async function handleTriggerMeasurement(args, ctx) {
|
|
5
|
-
if (!ctx.portal.artifact)
|
|
6
|
-
return ctx.error('No artifact loaded.');
|
|
7
|
-
if (ctx.portal.state === 'TERMINATED' || ctx.portal.state === 'SAFE_STATE') {
|
|
8
|
-
return ctx.error(`Portal is ${ctx.portal.state}. Artifact revoked or expired.`);
|
|
9
|
-
}
|
|
10
|
-
let match;
|
|
11
|
-
let action = null;
|
|
12
|
-
let driftDesc = null;
|
|
13
|
-
let currentHash = 'UNAVAILABLE';
|
|
14
|
-
if (args.subject_bytes_hash) {
|
|
15
|
-
// Pre-computed hash mode
|
|
16
|
-
const bMatch = args.subject_bytes_hash === ctx.portal.artifact.subject_identifier.bytes_hash;
|
|
17
|
-
const mMatch = !args.subject_metadata_hash || args.subject_metadata_hash === ctx.portal.artifact.subject_identifier.metadata_hash;
|
|
18
|
-
match = bMatch && mMatch;
|
|
19
|
-
currentHash = args.subject_bytes_hash;
|
|
20
|
-
if (!match && ctx.portal.state === 'ACTIVE_MONITORING') {
|
|
21
|
-
ctx.portal.state = 'DRIFT_DETECTED';
|
|
22
|
-
}
|
|
23
|
-
}
|
|
24
|
-
else if (args.subject_content) {
|
|
25
|
-
const meta = args.subject_metadata ?? {};
|
|
26
|
-
const result = ctx.portal.measure(new TextEncoder().encode(args.subject_content), meta);
|
|
27
|
-
match = result.match;
|
|
28
|
-
currentHash = result.currentBytesHash || 'UNAVAILABLE';
|
|
29
|
-
if (!result.ttl_ok) {
|
|
30
|
-
driftDesc = 'TTL expired';
|
|
31
|
-
action = 'TERMINATE';
|
|
32
|
-
match = false;
|
|
33
|
-
}
|
|
34
|
-
else if (result.revoked) {
|
|
35
|
-
driftDesc = 'Artifact revoked';
|
|
36
|
-
action = 'TERMINATE';
|
|
37
|
-
match = false;
|
|
38
|
-
}
|
|
39
|
-
}
|
|
40
|
-
else {
|
|
41
|
-
return ctx.error('Provide either subject_content or subject_bytes_hash');
|
|
42
|
-
}
|
|
43
|
-
if (!match && !action) {
|
|
44
|
-
driftDesc = 'Subject modified - hash mismatch';
|
|
45
|
-
action = ctx.portal.artifact.enforcement_parameters.enforcement_triggers[0] ?? 'ALERT_ONLY';
|
|
46
|
-
if (ctx.portal.state === 'DRIFT_DETECTED') {
|
|
47
|
-
ctx.portal.enforce(action);
|
|
48
|
-
}
|
|
49
|
-
if (action === 'QUARANTINE')
|
|
50
|
-
ctx.quarantine = initQuarantine();
|
|
51
|
-
}
|
|
52
|
-
ctx.measurementCount++;
|
|
53
|
-
const artRef = hashArtifact(ctx.portal.artifact);
|
|
54
|
-
const mType = args.measurement_type ?? ctx.portal.artifact.enforcement_parameters.measurement_types[0] ?? 'FILE_SYSTEM_STATE';
|
|
55
|
-
const receipt = generateReceipt({
|
|
56
|
-
subjectId: ctx.portal.artifact.subject_identifier,
|
|
57
|
-
artifactRef: artRef,
|
|
58
|
-
currentHash,
|
|
59
|
-
sealedHash: ctx.portal.artifact.subject_identifier.bytes_hash,
|
|
60
|
-
driftDetected: !match,
|
|
61
|
-
driftDescription: driftDesc,
|
|
62
|
-
action,
|
|
63
|
-
measurementType: mType,
|
|
64
|
-
seq: ctx.portal.sequenceCounter + 1,
|
|
65
|
-
prevLeaf: ctx.portal.lastLeafHash,
|
|
66
|
-
portalKP: ctx.portalKP,
|
|
67
|
-
});
|
|
68
|
-
await ctx.storage.storeReceipt(receipt);
|
|
69
|
-
await ctx.appendToChain('INTERACTION_RECEIPT', {
|
|
70
|
-
receipt_id: receipt.receipt_id,
|
|
71
|
-
drift_detected: !match,
|
|
72
|
-
enforcement_action: action,
|
|
73
|
-
measurement_type: mType,
|
|
74
|
-
});
|
|
75
|
-
return ctx.json({
|
|
76
|
-
success: true,
|
|
77
|
-
match,
|
|
78
|
-
drift_detected: !match,
|
|
79
|
-
enforcement_action: action,
|
|
80
|
-
portal_state: ctx.portal.state,
|
|
81
|
-
receipt_id: receipt.receipt_id,
|
|
82
|
-
measurement_type: mType,
|
|
83
|
-
measurement_count: ctx.measurementCount,
|
|
84
|
-
});
|
|
85
|
-
}
|
|
86
|
-
//# sourceMappingURL=trigger-measurement.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"trigger-measurement.js","sourceRoot":"","sources":["../../src/tools/trigger-measurement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAYvD,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,IAA4B,EAAE,GAAkB;IAC7F,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAClE,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,YAAY,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;QAC3E,OAAO,GAAG,CAAC,KAAK,CAAC,aAAa,GAAG,CAAC,MAAM,CAAC,KAAK,gCAAgC,CAAC,CAAC;IAClF,CAAC;IAED,IAAI,KAAc,CAAC;IACnB,IAAI,MAAM,GAA6B,IAAI,CAAC;IAC5C,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,WAAW,GAAG,aAAa,CAAC;IAEhC,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,yBAAyB;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU,CAAC;QAC7F,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,qBAAqB,IAAI,IAAI,CAAC,qBAAqB,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QAClI,KAAK,GAAG,MAAM,IAAI,MAAM,CAAC;QACzB,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC;QACtC,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,mBAAmB,EAAE,CAAC;YACtD,GAAG,CAAC,MAAc,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC;QACxF,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QACrB,WAAW,GAAG,MAAM,CAAC,gBAAgB,IAAI,aAAa,CAAC;QACvD,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YAAC,SAAS,GAAG,aAAa,CAAC;YAAC,MAAM,GAAG,WAAW,CAAC;YAAC,KAAK,GAAG,KAAK,CAAC;QAAC,CAAC;aAClF,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAAC,SAAS,GAAG,kBAAkB,CAAC;YAAC,MAAM,GAAG,WAAW,CAAC;YAAC,KAAK,GAAG,KAAK,CAAC;QAAC,CAAC;IACnG,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC3E,CAAC;IAED,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QACtB,SAAS,GAAG,kCAAkC,CAAC;QAC/C,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC;QAC5F,IAAI,GAAG,CAA
C,MAAM,CAAC,KAAK,KAAK,gBAAgB,EAAE,CAAC;YAC1C,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,MAAM,KAAK,YAAY;YAAE,GAAG,CAAC,UAAU,GAAG,cAAc,EAAE,CAAC;IACjE,CAAC;IAED,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,mBAAmB,CAAC;IAE9H,MAAM,OAAO,GAAG,eAAe,CAAC;QAC9B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB;QACjD,WAAW,EAAE,MAAM;QACnB,WAAW;QACX,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;QAC7D,aAAa,EAAE,CAAC,KAAK;QACrB,gBAAgB,EAAE,SAAS;QAC3B,MAAM;QACN,eAAe,EAAE,KAAK;QACtB,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC;QACnC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY;QACjC,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACvB,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE;QAC7C,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,cAAc,EAAE,CAAC,KAAK;QACtB,kBAAkB,EAAE,MAAM;QAC1B,gBAAgB,EAAE,KAAK;KACxB,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,KAAK;QACL,cAAc,EAAE,CAAC,KAAK;QACtB,kBAAkB,EAAE,MAAM;QAC1B,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,gBAAgB,EAAE,KAAK;QACvB,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;KACxC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
import type { ServerContext } from '../context.js';
|
|
2
|
-
import type { PolicyArtifact } from '../core/types.js';
|
|
3
|
-
export interface VerifyArtifactArgs {
|
|
4
|
-
artifact: PolicyArtifact;
|
|
5
|
-
issuer_public_key: string;
|
|
6
|
-
}
|
|
7
|
-
export declare function handleVerifyArtifact(args: VerifyArtifactArgs, ctx: ServerContext): Promise<{
|
|
8
|
-
content: Array<{
|
|
9
|
-
type: "text";
|
|
10
|
-
text: string;
|
|
11
|
-
}>;
|
|
12
|
-
}>;
|
|
13
|
-
//# sourceMappingURL=verify-artifact.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"verify-artifact.d.ts","sourceRoot":"","sources":["../../src/tools/verify-artifact.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAEvD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,cAAc,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,aAAa;;;;;GAGtF"}
|
|
@@ -1,6 +0,0 @@
|
|
|
1
|
-
import { verifyArtifactSignature } from '../core/artifact.js';
|
|
2
|
-
export async function handleVerifyArtifact(args, ctx) {
|
|
3
|
-
const valid = verifyArtifactSignature(args.artifact, args.issuer_public_key);
|
|
4
|
-
return ctx.json({ success: true, signature_valid: valid });
|
|
5
|
-
}
|
|
6
|
-
//# sourceMappingURL=verify-artifact.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"verify-artifact.js","sourceRoot":"","sources":["../../src/tools/verify-artifact.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAS9D,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAwB,EAAE,GAAkB;IACrF,MAAM,KAAK,GAAG,uBAAuB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC7E,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,CAAC;AAC7D,CAAC"}
|