@attested-intelligence/aga-mcp-server 2.2.0 → 2.2.1

Files changed (80) hide show
  1. package/README.md +77 -65
  2. package/dist/adapters/openclaw.d.ts +0 -1
  3. package/dist/adapters/openclaw.d.ts.map +1 -1
  4. package/dist/adapters/openclaw.js +0 -1
  5. package/dist/adapters/openclaw.js.map +1 -1
  6. package/dist/proxy/evaluator.d.ts +0 -1
  7. package/dist/proxy/evaluator.d.ts.map +1 -1
  8. package/dist/proxy/evaluator.js +0 -1
  9. package/dist/proxy/evaluator.js.map +1 -1
  10. package/dist/proxy/index.d.ts +0 -1
  11. package/dist/proxy/index.d.ts.map +1 -1
  12. package/dist/proxy/index.js +0 -1
  13. package/dist/proxy/index.js.map +1 -1
  14. package/dist/proxy/profiles.d.ts +0 -1
  15. package/dist/proxy/profiles.d.ts.map +1 -1
  16. package/dist/proxy/profiles.js +0 -1
  17. package/dist/proxy/profiles.js.map +1 -1
  18. package/dist/proxy/server.d.ts +0 -1
  19. package/dist/proxy/server.d.ts.map +1 -1
  20. package/dist/proxy/server.js +0 -1
  21. package/dist/proxy/server.js.map +1 -1
  22. package/dist/proxy/stdio-bridge.d.ts +0 -1
  23. package/dist/proxy/stdio-bridge.d.ts.map +1 -1
  24. package/dist/proxy/stdio-bridge.js +0 -1
  25. package/dist/proxy/stdio-bridge.js.map +1 -1
  26. package/dist/proxy/types.d.ts +0 -1
  27. package/dist/proxy/types.d.ts.map +1 -1
  28. package/dist/proxy/types.js +0 -1
  29. package/dist/proxy/types.js.map +1 -1
  30. package/dist/proxy/verify.d.ts +0 -1
  31. package/dist/proxy/verify.d.ts.map +1 -1
  32. package/dist/proxy/verify.js +0 -1
  33. package/dist/proxy/verify.js.map +1 -1
  34. package/package.json +92 -97
  35. package/SECURITY.md +0 -59
  36. package/independent-verifier/README.md +0 -31
  37. package/independent-verifier/package.json +0 -18
  38. package/independent-verifier/verify.ts +0 -211
  39. package/src/adapters/openclaw.ts +0 -125
  40. package/src/core/artifact.ts +0 -45
  41. package/src/core/attestation.ts +0 -33
  42. package/src/core/behavioral.ts +0 -132
  43. package/src/core/bundle.ts +0 -45
  44. package/src/core/chain.ts +0 -72
  45. package/src/core/checkpoint.ts +0 -22
  46. package/src/core/delegation.ts +0 -146
  47. package/src/core/disclosure.ts +0 -32
  48. package/src/core/identity.ts +0 -62
  49. package/src/core/index.ts +0 -14
  50. package/src/core/portal.ts +0 -117
  51. package/src/core/quarantine.ts +0 -16
  52. package/src/core/receipt.ts +0 -33
  53. package/src/core/subject.ts +0 -11
  54. package/src/core/types.ts +0 -285
  55. package/src/crypto/hash.ts +0 -33
  56. package/src/crypto/index.ts +0 -5
  57. package/src/crypto/merkle.ts +0 -43
  58. package/src/crypto/salt.ts +0 -18
  59. package/src/crypto/sign.ts +0 -42
  60. package/src/crypto/types.ts +0 -19
  61. package/src/index.ts +0 -12
  62. package/src/middleware/governance.ts +0 -95
  63. package/src/middleware/index.ts +0 -1
  64. package/src/proxy/evaluator.ts +0 -176
  65. package/src/proxy/index.ts +0 -259
  66. package/src/proxy/profiles.ts +0 -48
  67. package/src/proxy/server.ts +0 -499
  68. package/src/proxy/stdio-bridge.ts +0 -171
  69. package/src/proxy/types.ts +0 -40
  70. package/src/proxy/verify.ts +0 -202
  71. package/src/server.ts +0 -435
  72. package/src/storage/index.ts +0 -3
  73. package/src/storage/interface.ts +0 -21
  74. package/src/storage/memory.ts +0 -27
  75. package/src/storage/sqlite.ts +0 -45
  76. package/src/tools/README.md +0 -13
  77. package/src/utils/canonical.ts +0 -14
  78. package/src/utils/constants.ts +0 -3
  79. package/src/utils/timestamp.ts +0 -12
  80. package/src/utils/uuid.ts +0 -2
@@ -1 +1 @@
1
- {"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/proxy/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAE7D,gBAAgB;AAChB,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE;IACzC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAAC,CAAC;IACxD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,gEAAgE;AAEhE,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,GAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5D,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACtB,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACjC,OAAO,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AACtC,CAAC;AAgBD,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,UAAkB;IAC1D,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC
lC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,eAAe,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK;YACvD,qBAAqB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;YACxD,iBAAiB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;YAC9C,gBAAgB,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,cAAc;SAC1D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAA8B;QACxC,eAAe,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK;QACvD,qBAAqB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;QACxD,iBAAiB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;QAC9C,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,EAAE;KAClC,CAAC;IAEF,oBAAoB;IACpB,IAAI,MAAM,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;QAC9C,MAAM,CAAC,KAAK,GAAG,0BAA0B,MAAM,CAAC,SAAS,EAAE,CAAC;QAC5D,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,CAAC,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;YACzC,MAAM,CAAC,KAAK,GAAG,gCAAgC,CAAC,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC;IAE9B,6BAA6B;IAC7B,IAAI,CAAC;QACH,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,OAAO,CAAC;YAC3C,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;YAClC,MAAM,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC1C,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;gBAC/C,MAAM,CAAC,KAAK,GAAG,WAAW,OAAO,CAAC,UAAU,mBAAmB,CAAC;gBAChE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,wBAAwB,GAAG,IAAI,CAAC;IACzC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,iCAAiC,CAAC,EAAE,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0BAA0B;IAC1B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB,KAAK,EAAE,EAAE,CAAC;YACpE,MAAM,CAAC,KAAK,GAAG,mDAAmD,CAAC;YACnE,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB,KAAK,YAAY,EAAE,CAAC;gBACvD,MAA
M,CAAC,KAAK,GAAG,0BAA0B,CAAC,EAAE,CAAC;gBAC7C,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,qBAAqB,GAAG,IAAI,CAAC;IACtC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,0BAA0B,CAAC,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzC,IAAI,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/C,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;oBACnC,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;gBAC/D,CAAC;qBAAM,CAAC;oBACN,WAAW,GAAG,cAAc,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;YACD,IAAI,WAAW,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvC,MAAM,CAAC,KAAK,GAAG,gCAAgC,KAAK,CAAC,UAAU,EAAE,CAAC;gBAClE,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,KAAK,CAAC,WAAW,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,GAAG,+BAA+B,KAAK,CAAC,UAAU,EAAE,CAAC;gBACjE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,mBAAmB,GAAG,IAAI,CAAC;IACpC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,uBAAuB,CAAC,EAAE,CAAC;QAC1C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC;QACH,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,CAAC,KAAK,GAAG,8BAA8B,CAAC;YAC9C,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBACnD,MAAM,CAAC,KAAK,GAAG,iCAAiC,CAAC,EAAE,CAAC;gBACpD,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,GAAG,kCAAkC,CAAC,EAAE,CAAC;gBACrD,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAClC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,sBAAsB,CAAC,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,CAAC,aAAa,GAAG
,IAAI,CAAC;IAC5B,OAAO,MAAM,CAAC;AAChB,CAAC"}
1
+ {"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/proxy/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAE7D,gBAAgB;AAChB,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE;IACzC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAAC,CAAC;IACxD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,gEAAgE;AAEhE,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,GAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5D,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACtB,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACjC,OAAO,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AACtC,CAAC;AAgBD,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,UAAkB;IAC1D,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACl
C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,eAAe,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK;YACvD,qBAAqB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;YACxD,iBAAiB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;YAC9C,gBAAgB,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,cAAc;SAC1D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAA8B;QACxC,eAAe,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK;QACvD,qBAAqB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;QACxD,iBAAiB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;QAC9C,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,EAAE;KAClC,CAAC;IAEF,oBAAoB;IACpB,IAAI,MAAM,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;QAC9C,MAAM,CAAC,KAAK,GAAG,0BAA0B,MAAM,CAAC,SAAS,EAAE,CAAC;QAC5D,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,CAAC,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;YACzC,MAAM,CAAC,KAAK,GAAG,gCAAgC,CAAC,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC;IAE9B,6BAA6B;IAC7B,IAAI,CAAC;QACH,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,OAAO,CAAC;YAC3C,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;YAClC,MAAM,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC1C,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;gBAC/C,MAAM,CAAC,KAAK,GAAG,WAAW,OAAO,CAAC,UAAU,mBAAmB,CAAC;gBAChE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,wBAAwB,GAAG,IAAI,CAAC;IACzC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,iCAAiC,CAAC,EAAE,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0BAA0B;IAC1B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB,KAAK,EAAE,EAAE,CAAC;YACpE,MAAM,CAAC,KAAK,GAAG,mDAAmD,CAAC;YACnE,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB,KAAK,YAAY,EAAE,CAAC;gBACvD,MAAM
,CAAC,KAAK,GAAG,0BAA0B,CAAC,EAAE,CAAC;gBAC7C,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,qBAAqB,GAAG,IAAI,CAAC;IACtC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,0BAA0B,CAAC,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzC,IAAI,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/C,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;oBACnC,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;gBAC/D,CAAC;qBAAM,CAAC;oBACN,WAAW,GAAG,cAAc,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;YACD,IAAI,WAAW,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvC,MAAM,CAAC,KAAK,GAAG,gCAAgC,KAAK,CAAC,UAAU,EAAE,CAAC;gBAClE,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,KAAK,CAAC,WAAW,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,GAAG,+BAA+B,KAAK,CAAC,UAAU,EAAE,CAAC;gBACjE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,mBAAmB,GAAG,IAAI,CAAC;IACpC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,uBAAuB,CAAC,EAAE,CAAC;QAC1C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC;QACH,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,CAAC,KAAK,GAAG,8BAA8B,CAAC;YAC9C,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBACnD,MAAM,CAAC,KAAK,GAAG,iCAAiC,CAAC,EAAE,CAAC;gBACpD,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,GAAG,kCAAkC,CAAC,EAAE,CAAC;gBACrD,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAClC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,sBAAsB,CAAC,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,CAAC,aAAa,GAAG,
IAAI,CAAC;IAC5B,OAAO,MAAM,CAAC;AAChB,CAAC"}
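--- a/package/package.json
+++ b/package/package.json
@@ -1,97 +1,92 @@
- {
- "name": "@attested-intelligence/aga-mcp-server",
- "version": "2.2.0",
- "description": "MCP server for cryptographic AI agent governance. Seal policy artifacts, enforce at runtime, prove with signed receipts and offline-verifiable evidence bundles.",
- "author": "Attested Intelligence Holdings LLC",
- "license": "MIT",
- "homepage": "https://attestedintelligence.com/technology",
- "repository": {
- "type": "git",
- "url": "https://github.com/attestedintelligence/AGA"
- },
- "bugs": {
- "url": "https://github.com/attestedintelligence/AGA/issues"
- },
- "type": "module",
- "main": "dist/index.js",
- "types": "dist/index.d.ts",
- "bin": {
- "aga-mcp-server": "dist/index.js",
- "aga-proxy": "dist/proxy/index.js"
- },
- "scripts": {
- "build": "tsc",
- "start": "node dist/index.js",
- "dev": "tsx src/index.ts",
- "test": "vitest run",
- "test:watch": "vitest",
- "test:crypto": "vitest run tests/crypto/",
- "test:core": "vitest run tests/core/",
- "test:integration": "vitest run tests/integration/",
- "test:proxy": "vitest run tests/proxy/",
- "proxy": "tsx src/proxy/index.ts",
- "proxy:start": "tsx src/proxy/index.ts start",
- "demo": "tsx scripts/demo.ts",
- "benchmark": "tsx scripts/benchmark.ts",
- "verify": "cd independent-verifier && npm test",
- "lint": "tsc --noEmit",
- "demo:standalone": "npx tsx standalone/main.ts",
- "demo:scada": "npx tsx standalone/main.ts --scenario=scada",
- "demo:drone": "npx tsx standalone/main.ts --scenario=drone",
- "demo:agent": "npx tsx standalone/main.ts --scenario=ai-agent",
- "demo:all": "npx tsx standalone/main.ts --scenario=all --non-interactive",
- "watch": "npx tsx standalone/main.ts --watch",
- "build:exe": "npx tsx standalone/build.ts",
- "verify:evidence": "npx tsx standalone/verify-evidence.ts",
- "prepublishOnly": "npm run build && npm run test"
- },
- "dependencies": {
- "@modelcontextprotocol/sdk": "^1.12.0",
- "@noble/ed25519": "^2.1.0",
- "@noble/hashes": "^1.7.0",
- "commander": "^14.0.3",
- "uuid": "^11.1.0",
- "zod": "^3.24.0"
- },
- "optionalDependencies": {
- "better-sqlite3": "^11.7.0"
- },
- "devDependencies": {
- "@types/better-sqlite3": "^7.6.12",
- "@types/node": "^22.10.0",
- "@types/uuid": "^10.0.0",
- "postject": "^1.0.0-alpha.6",
- "tsx": "^4.19.0",
- "typescript": "^5.7.0",
- "vitest": "^2.1.0"
- },
- "files": [
- "dist/",
- "src/",
- "independent-verifier/verify.ts",
- "independent-verifier/package.json",
- "independent-verifier/README.md",
- "README.md",
- "LICENSE",
- "SECURITY.md"
- ],
- "engines": {
- "node": ">=20.0.0"
- },
- "keywords": [
- "mcp",
- "mcp-server",
- "model-context-protocol",
- "ai-governance",
- "ai-agent-security",
- "agentic-ai",
- "attestation",
- "governance",
- "cryptographic-enforcement",
- "runtime-integrity",
- "evidence-bundles",
- "ed25519",
- "policy-artifacts",
- "attested-intelligence"
- ]
- }
+ {
+ "name": "@attested-intelligence/aga-mcp-server",
+ "version": "2.2.1",
+ "description": "MCP server for cryptographic AI agent governance. Seal policy artifacts, enforce at runtime, prove with signed receipts and offline-verifiable evidence bundles.",
+ "author": "Attested Intelligence Holdings LLC",
+ "license": "MIT",
+ "homepage": "https://attestedintelligence.com/technology",
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/attestedintelligence/AGA"
+ },
+ "bugs": {
+ "url": "https://github.com/attestedintelligence/AGA/issues"
+ },
+ "type": "module",
+ "main": "dist/index.js",
+ "types": "dist/index.d.ts",
+ "files": [
+ "dist/",
+ "README.md",
+ "LICENSE"
+ ],
+ "bin": {
+ "aga-mcp-server": "dist/index.js",
+ "aga-proxy": "dist/proxy/index.js"
+ },
+ "scripts": {
+ "build": "tsc",
+ "start": "node dist/index.js",
+ "dev": "tsx src/index.ts",
+ "test": "vitest run",
+ "test:watch": "vitest",
+ "test:crypto": "vitest run tests/crypto/",
+ "test:core": "vitest run tests/core/",
+ "test:integration": "vitest run tests/integration/",
+ "test:proxy": "vitest run tests/proxy/",
+ "proxy": "tsx src/proxy/index.ts",
+ "proxy:start": "tsx src/proxy/index.ts start",
+ "demo": "tsx scripts/demo.ts",
+ "benchmark": "tsx scripts/benchmark.ts",
+ "verify": "cd independent-verifier && npm test",
+ "lint": "tsc --noEmit",
+ "demo:standalone": "npx tsx standalone/main.ts",
+ "demo:scada": "npx tsx standalone/main.ts --scenario=scada",
+ "demo:drone": "npx tsx standalone/main.ts --scenario=drone",
+ "demo:agent": "npx tsx standalone/main.ts --scenario=ai-agent",
+ "demo:all": "npx tsx standalone/main.ts --scenario=all --non-interactive",
+ "watch": "npx tsx standalone/main.ts --watch",
+ "build:exe": "npx tsx standalone/build.ts",
+ "verify:evidence": "npx tsx standalone/verify-evidence.ts",
+ "prepublishOnly": "npm run build && npm run test"
+ },
+ "dependencies": {
+ "@modelcontextprotocol/sdk": "^1.12.0",
+ "@noble/ed25519": "^2.1.0",
+ "@noble/hashes": "^1.7.0",
+ "commander": "^14.0.3",
+ "uuid": "^11.1.0",
+ "zod": "^3.24.0"
+ },
+ "optionalDependencies": {
+ "better-sqlite3": "^11.7.0"
+ },
+ "devDependencies": {
+ "@types/better-sqlite3": "^7.6.12",
+ "@types/node": "^22.10.0",
+ "@types/uuid": "^10.0.0",
+ "postject": "^1.0.0-alpha.6",
+ "tsx": "^4.19.0",
+ "typescript": "^5.7.0",
+ "vitest": "^2.1.0"
+ },
+ "engines": {
+ "node": ">=20.0.0"
+ },
+ "keywords": [
+ "mcp",
+ "mcp-server",
+ "model-context-protocol",
+ "ai-governance",
+ "ai-agent-security",
+ "agentic-ai",
+ "attestation",
+ "governance",
+ "cryptographic-enforcement",
+ "runtime-integrity",
+ "evidence-bundles",
+ "ed25519",
+ "policy-artifacts",
+ "attested-intelligence"
+ ]
+ }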
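Review bot: The narrowed `files` allowlist (`dist/`, `README.md`, `LICENSE`) drops `SECURITY.md` and the three `independent-verifier/` entries from the published tarball, so anyone who installs 2.2.1 from the registry no longer receives the vulnerability-reporting contact or the standalone bundle verifier that the package description's "offline-verifiable evidence bundles" claim leans on. npm does not include `SECURITY.md` automatically the way it does `README.md` and `LICENSE`, so I would keep `"SECURITY.md"` in `files`; whether the reworked README links to the policy instead is not visible in this section. The `verify` script still runs `cd independent-verifier && npm test`, and `dev`, `proxy` and `proxy:start` still point at `src/`, none of which ships any more, so those scripts fail in an installed copy and should be removed from the published manifest or documented as repository-only. The shipped `dist/proxy/verify.js.map` also still lists `../../src/proxy/verify.ts` under `sources`, which no longer resolves inside the package.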
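--- a/package/SECURITY.md
+++ b/package/SECURITY.md
@@ -1,59 +0,0 @@
- # Security Policy
-
- ## Reporting a Vulnerability
-
- If you discover a security vulnerability in AGA, please report it responsibly.
-
- **Email:** [admin@attestedintelligence.com](mailto:admin@attestedintelligence.com)
-
- **Subject line:** `[SECURITY] AGA Vulnerability Report`
-
- ### What to Include
-
- - Description of the vulnerability
- - Steps to reproduce
- - Potential impact assessment
- - Suggested fix (if you have one)
-
- ### Response Timeline
-
- - **Acknowledgment:** Within 48 hours of receipt
- - **Initial assessment:** Within 5 business days
- - **Resolution target:** Dependent on severity, typically within 30 days for critical issues
-
- ### Scope
-
- This policy covers:
-
- - The AGA reference implementation (`src/`, `independent-verifier/`)
- - The MCP server (`@attested-intelligence/aga-mcp-server`)
- - Cryptographic operations (signing, verification, hash computation, chain integrity)
- - Evidence Bundle generation and verification
-
- ### Out of Scope
-
- - The attestedintelligence.com website (report separately to the same email)
- - Third-party dependencies (report to the upstream maintainer, but let us know)
- - Social engineering or phishing attacks
-
- ### Cryptographic Considerations
-
- AGA relies on Ed25519 signatures, SHA-256 hashing, BLAKE2b-256 fingerprinting, and Merkle tree anchoring. If you identify a weakness in how these primitives are applied (not the primitives themselves), that is a valid report.
-
- Key areas of concern:
-
- - Sealed hash computation correctness
- - Receipt chain integrity (hash linking)
- - Merkle checkpoint verification
- - Key separation enforcement between Portal and agent
- - Evidence Bundle completeness and tamper detection
-
- ### Disclosure
-
- We follow coordinated disclosure. Please do not publicly disclose vulnerabilities until we have released a fix or 90 days have elapsed, whichever comes first.
-
- We do not currently operate a bug bounty program.
-
- ---
-
- Attested Intelligence Holdings LLC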
@@ -1,31 +0,0 @@
1
- # AGA Independent Verifier
2
-
3
- Standalone verification of AGA Evidence Bundles using only standard
4
- cryptographic libraries. **This verifier imports zero modules from the
5
- AGA codebase.**
6
-
7
- ## Why This Exists
8
-
9
- AGA claims that Evidence Bundles provide tamper-evident, offline-verifiable
10
- proof of governance enforcement. This verifier proves that claim by
11
- implementing the complete 4-step verification using only Ed25519 and SHA-256
12
- from @noble - no AGA code, no trust assumptions, no hidden dependencies.
13
-
14
- ## Usage
15
-
16
- ```bash
17
- npx tsx verify.ts <bundle.json>
18
- ```
19
-
20
- ## What It Verifies
21
-
22
- 1. **Artifact Signature** - Ed25519 over RFC 8785 canonical JSON
23
- 2. **Receipt Signatures** - Ed25519 for each enforcement receipt
24
- 3. **Merkle Inclusion Proofs** - Structural metadata leaf hashes vs checkpoint root
25
- 4. **Checkpoint Anchor** - (Optional, requires network access)
26
-
27
- Steps 1-3 work fully offline. Step 4 is optional.
28
-
29
- ## Reference
30
-
31
- Implements the AGA 4-step offline verification process.
@@ -1,18 +0,0 @@
1
- {
2
- "name": "aga-independent-verifier",
3
- "version": "1.0.0",
4
- "description": "Standalone verification of AGA Evidence Bundles - zero AGA imports",
5
- "type": "module",
6
- "scripts": {
7
- "verify": "npx tsx verify.ts",
8
- "test": "npx vitest run"
9
- },
10
- "dependencies": {
11
- "@noble/ed25519": "^2.1.0",
12
- "@noble/hashes": "^1.7.0"
13
- },
14
- "devDependencies": {
15
- "tsx": "^4.19.0",
16
- "vitest": "^2.1.0"
17
- }
18
- }
@@ -1,211 +0,0 @@
1
- /**
2
- * AGA Independent Verifier
3
- *
4
- * Standalone verification of AGA Evidence Bundles using ONLY standard
5
- * cryptographic libraries. This verifier imports ZERO modules from the
6
- * AGA codebase (../src/).
7
- *
8
- * Implements the full 4-step verification process:
9
- * 1. Verify artifact signature (Ed25519 over RFC 8785 canonical JSON)
10
- * 2. Verify each receipt signature (Ed25519)
11
- * 3. Verify Merkle inclusion proofs (structural metadata leaf hashes vs checkpoint root)
12
- * 4. (Optional) Verify checkpoint anchor
13
- *
14
- * Steps 1-3 work fully offline. Step 4 is optional.
15
- *
16
- * Attested Intelligence Holdings LLC
17
- */
18
- import * as ed from '@noble/ed25519';
19
- import { sha512 } from '@noble/hashes/sha512';
20
- import { sha256 } from '@noble/hashes/sha256';
21
- import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
22
-
23
- // ── Ed25519 setup ────────────────────────────────────────────
24
- ed.etc.sha512Sync = (...m: Uint8Array[]) => {
25
- const total = m.reduce((n, a) => n + a.length, 0);
26
- const buf = new Uint8Array(total);
27
- let off = 0;
28
- for (const a of m) { buf.set(a, off); off += a.length; }
29
- return sha512(buf);
30
- };
31
-
32
- const enc = new TextEncoder();
33
-
34
- // ── Types (reimplemented, no AGA imports) ────────────────────
35
-
36
- export interface VerificationResult {
37
- step1_artifact_sig: boolean;
38
- step2_receipt_sigs: boolean;
39
- step3_merkle_proofs: boolean;
40
- step4_anchor: 'VERIFIED' | 'SKIPPED';
41
- overall: boolean;
42
- errors: string[];
43
- details: {
44
- receipt_results: boolean[];
45
- proof_results: boolean[];
46
- };
47
- }
48
-
49
- interface MerkleProof {
50
- leafHash: string;
51
- leafIndex: number;
52
- siblings: Array<{ hash: string; position: 'left' | 'right' }>;
53
- root: string;
54
- }
55
-
56
- interface EvidenceBundle {
57
- artifact: Record<string, unknown> & { signature: string; issuer_identifier: string };
58
- receipts: Array<Record<string, unknown> & { portal_signature: string; receipt_id: string }>;
59
- merkle_proofs: MerkleProof[];
60
- checkpoint_reference: { merkle_root: string; [key: string]: unknown };
61
- public_key: string;
62
- bundle_signature: string;
63
- verification_tier?: string;
64
- }
65
-
66
- // ── Crypto helpers (reimplemented from scratch) ──────────────
67
-
68
- function deepSortKeys(obj: unknown): unknown {
69
- if (obj === null || obj === undefined || typeof obj !== 'object') return obj;
70
- if (Array.isArray(obj)) return obj.map(deepSortKeys);
71
- if (obj instanceof Uint8Array) return obj;
72
- const sorted: Record<string, unknown> = {};
73
- for (const key of Object.keys(obj as Record<string, unknown>).sort()) {
74
- sorted[key] = deepSortKeys((obj as Record<string, unknown>)[key]);
75
- }
76
- return sorted;
77
- }
78
-
79
- function canonicalize(obj: unknown): string {
80
- return JSON.stringify(deepSortKeys(obj));
81
- }
82
-
83
- function sha256Hex(data: string): string {
84
- return bytesToHex(sha256(enc.encode(data)));
85
- }
86
-
87
- function verifyEd25519(sigBase64: string, message: string, publicKeyHex: string): boolean {
88
- try {
89
- const sig = new Uint8Array(Buffer.from(sigBase64, 'base64'));
90
- const pk = hexToBytes(publicKeyHex);
91
- return ed.verify(sig, enc.encode(message), pk);
92
- } catch { return false; }
93
- }
94
-
95
- function merkleParentHash(left: string, right: string): string {
96
- return sha256Hex(left + right);
97
- }
98
-
99
- // ── Step 1: Verify artifact signature (Ed25519) ─────────────
100
-
101
- export function verifyArtifactSignature(artifact: EvidenceBundle['artifact']): boolean {
102
- const { signature, ...unsigned } = artifact;
103
- const canonical = canonicalize(unsigned);
104
- return verifyEd25519(signature, canonical, artifact.issuer_identifier);
105
- }
106
-
107
- // ── Step 2: Verify each receipt signature (Ed25519) ──────────
108
-
109
- export function verifyReceiptSignatures(receipts: EvidenceBundle['receipts'], portalPublicKey: string): boolean[] {
110
- return receipts.map(receipt => {
111
- const { portal_signature, ...unsigned } = receipt;
112
- const canonical = canonicalize(unsigned);
113
- return verifyEd25519(portal_signature, canonical, portalPublicKey);
114
- });
115
- }
116
-
117
- // ── Step 3: Verify Merkle inclusion proofs ───────────────────
118
-
119
- export function verifyMerkleProofs(proofs: MerkleProof[], checkpointRoot: string): boolean[] {
120
- return proofs.map(proof => {
121
- let hash = proof.leafHash;
122
- for (const sibling of proof.siblings) {
123
- hash = sibling.position === 'left'
124
- ? merkleParentHash(sibling.hash, hash)
125
- : merkleParentHash(hash, sibling.hash);
126
- }
127
- return hash === checkpointRoot;
128
- });
129
- }
130
-
131
- // ── Step 4 (optional): Verify checkpoint anchor ─────────────
132
-
133
- export function verifyCheckpointAnchor(_checkpoint: Record<string, unknown>): 'VERIFIED' | 'SKIPPED' {
134
- // Offline mode - no network access to verify on-chain anchor
135
- return 'SKIPPED';
136
- }
137
-
138
- // ── Main entry point ─────────────────────────────────────────
139
-
140
- export function verifyEvidenceBundle(bundleJson: string): VerificationResult {
141
- const errors: string[] = [];
142
- let bundle: EvidenceBundle;
143
-
144
- try {
145
- bundle = JSON.parse(bundleJson);
146
- } catch {
147
- return {
148
- step1_artifact_sig: false, step2_receipt_sigs: false,
149
- step3_merkle_proofs: false, step4_anchor: 'SKIPPED',
150
- overall: false, errors: ['Failed to parse bundle JSON'],
151
- details: { receipt_results: [], proof_results: [] },
152
- };
153
- }
154
-
155
- // Step 1: Artifact signature
156
- const step1 = verifyArtifactSignature(bundle.artifact);
157
- if (!step1) errors.push('Artifact signature verification failed');
158
-
159
- // Step 2: Receipt signatures
160
- const receiptResults = verifyReceiptSignatures(bundle.receipts, bundle.public_key);
161
- const step2 = receiptResults.every(r => r);
162
- receiptResults.forEach((r, i) => {
163
- if (!r) errors.push(`Receipt ${bundle.receipts[i].receipt_id} signature failed`);
164
- });
165
-
166
- // Step 3: Merkle inclusion proofs
167
- const proofResults = verifyMerkleProofs(bundle.merkle_proofs, bundle.checkpoint_reference.merkle_root);
168
- const step3 = proofResults.length === 0 ? true : proofResults.every(r => r);
169
- proofResults.forEach((r, i) => {
170
- if (!r) errors.push(`Merkle proof ${i} failed`);
171
- });
172
-
173
- // Step 4: Checkpoint anchor
174
- const step4 = verifyCheckpointAnchor(bundle.checkpoint_reference as Record<string, unknown>);
175
-
176
- return {
177
- step1_artifact_sig: step1,
178
- step2_receipt_sigs: step2,
179
- step3_merkle_proofs: step3,
180
- step4_anchor: step4,
181
- overall: step1 && step2 && step3,
182
- errors,
183
- details: { receipt_results: receiptResults, proof_results: proofResults },
184
- };
185
- }
186
-
187
- // ── CLI mode ─────────────────────────────────────────────────
188
-
189
- if (typeof process !== 'undefined' && process.argv[1]?.includes('verify')) {
190
- const { readFileSync } = await import('node:fs');
191
- const bundlePath = process.argv[2];
192
- if (!bundlePath) {
193
- console.error('Usage: npx tsx verify.ts <bundle.json>');
194
- process.exit(1);
195
- }
196
- const bundleJson = readFileSync(bundlePath, 'utf-8');
197
- const result = verifyEvidenceBundle(bundleJson);
198
-
199
- console.log('\nAGA Independent Verifier\n');
200
- console.log(`Step 1 - Artifact signature: ${result.step1_artifact_sig ? 'PASS' : 'FAIL'}`);
201
- console.log(`Step 2 - Receipt signatures: ${result.step2_receipt_sigs ? 'PASS' : 'FAIL'} (${result.details.receipt_results.filter(r => r).length}/${result.details.receipt_results.length})`);
202
- console.log(`Step 3 - Merkle inclusion proofs: ${result.step3_merkle_proofs ? 'PASS' : 'FAIL'} (${result.details.proof_results.filter(r => r).length}/${result.details.proof_results.length})`);
203
- console.log(`Step 4 - Checkpoint anchor: ${result.step4_anchor}`);
204
- console.log(`\nOVERALL: ${result.overall ? 'VERIFIED' : 'FAILED'}`);
205
- if (result.errors.length) {
206
- console.log('\nErrors:');
207
- result.errors.forEach(e => console.log(` - ${e}`));
208
- }
209
-
210
- process.exit(result.overall ? 0 : 1);
211
- }