@attested-intelligence/aga-mcp-server 2.2.2 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/DEPLOYMENT.md +111 -0
- package/LICENSE +21 -21
- package/README.md +59 -47
- package/SECURITY.md +59 -0
- package/THREAT_BOUNDARY.md +77 -0
- package/dist/core/behavioral.d.ts.map +1 -1
- package/dist/core/behavioral.js +11 -3
- package/dist/core/behavioral.js.map +1 -1
- package/dist/core/index.d.ts +0 -2
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +2 -2
- package/dist/core/index.js.map +1 -1
- package/dist/core/types.d.ts +1 -22
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/index.d.ts +0 -1
- package/dist/crypto/index.d.ts.map +1 -1
- package/dist/crypto/index.js +1 -1
- package/dist/crypto/index.js.map +1 -1
- package/dist/crypto/sign.d.ts.map +1 -1
- package/dist/crypto/sign.js +24 -23
- package/dist/crypto/sign.js.map +1 -1
- package/dist/middleware/governance.d.ts +22 -3
- package/dist/middleware/governance.d.ts.map +1 -1
- package/dist/middleware/governance.js +36 -28
- package/dist/middleware/governance.js.map +1 -1
- package/dist/proxy/index.d.ts.map +1 -1
- package/dist/proxy/index.js +26 -15
- package/dist/proxy/index.js.map +1 -1
- package/dist/proxy/server.d.ts +18 -45
- package/dist/proxy/server.d.ts.map +1 -1
- package/dist/proxy/server.js +77 -131
- package/dist/proxy/server.js.map +1 -1
- package/dist/sep/bundle.d.ts +60 -0
- package/dist/sep/bundle.d.ts.map +1 -0
- package/dist/sep/bundle.js +74 -0
- package/dist/sep/bundle.js.map +1 -0
- package/dist/sep/canonical.d.ts +28 -0
- package/dist/sep/canonical.d.ts.map +1 -0
- package/dist/sep/canonical.js +62 -0
- package/dist/sep/canonical.js.map +1 -0
- package/dist/sep/checkpoint.d.ts +15 -0
- package/dist/sep/checkpoint.d.ts.map +1 -0
- package/dist/sep/checkpoint.js +28 -0
- package/dist/sep/checkpoint.js.map +1 -0
- package/dist/sep/crypto.d.ts +20 -0
- package/dist/sep/crypto.d.ts.map +1 -0
- package/dist/sep/crypto.js +104 -0
- package/dist/sep/crypto.js.map +1 -0
- package/dist/sep/index.d.ts +14 -0
- package/dist/sep/index.d.ts.map +1 -0
- package/dist/sep/index.js +14 -0
- package/dist/sep/index.js.map +1 -0
- package/dist/sep/merkle.d.ts +11 -0
- package/dist/sep/merkle.d.ts.map +1 -0
- package/dist/sep/merkle.js +51 -0
- package/dist/sep/merkle.js.map +1 -0
- package/dist/sep/receipt.d.ts +64 -0
- package/dist/sep/receipt.d.ts.map +1 -0
- package/dist/sep/receipt.js +0 -0
- package/dist/sep/receipt.js.map +1 -0
- package/dist/sep/verify.d.ts +14 -0
- package/dist/sep/verify.d.ts.map +1 -0
- package/dist/sep/verify.js +158 -0
- package/dist/sep/verify.js.map +1 -0
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +83 -39
- package/dist/server.js.map +1 -1
- package/dist/storage/interface.d.ts +1 -4
- package/dist/storage/interface.d.ts.map +1 -1
- package/dist/storage/memory.d.ts +1 -5
- package/dist/storage/memory.d.ts.map +1 -1
- package/dist/storage/memory.js +0 -4
- package/dist/storage/memory.js.map +1 -1
- package/dist/storage/sqlite.d.ts +1 -4
- package/dist/storage/sqlite.d.ts.map +1 -1
- package/dist/storage/sqlite.js +0 -4
- package/dist/storage/sqlite.js.map +1 -1
- package/dist/utils/canonical.d.ts.map +1 -1
- package/dist/utils/canonical.js +11 -1
- package/dist/utils/canonical.js.map +1 -1
- package/dist/utils/timestamp.d.ts.map +1 -1
- package/dist/utils/timestamp.js +4 -1
- package/dist/utils/timestamp.js.map +1 -1
- package/dist/utils/uuid.d.ts +1 -0
- package/dist/utils/uuid.d.ts.map +1 -1
- package/dist/utils/uuid.js +3 -2
- package/dist/utils/uuid.js.map +1 -1
- package/package.json +87 -93
- package/dist/core/bundle.d.ts +0 -20
- package/dist/core/bundle.d.ts.map +0 -1
- package/dist/core/bundle.js +0 -45
- package/dist/core/bundle.js.map +0 -1
- package/dist/core/checkpoint.d.ts +0 -8
- package/dist/core/checkpoint.d.ts.map +0 -1
- package/dist/core/checkpoint.js +0 -21
- package/dist/core/checkpoint.js.map +0 -1
- package/dist/crypto/merkle.d.ts +0 -8
- package/dist/crypto/merkle.d.ts.map +0 -1
- package/dist/crypto/merkle.js +0 -42
- package/dist/crypto/merkle.js.map +0 -1
- package/dist/proxy/verify.d.ts +0 -28
- package/dist/proxy/verify.d.ts.map +0 -1
- package/dist/proxy/verify.js +0 -182
- package/dist/proxy/verify.js.map +0 -1
package/dist/core/types.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* V3: Aligned with NIST-2025-0035 and NCCoE AI Agent Identity filings.
|
|
3
3
|
*/
|
|
4
|
-
import type { HashHex, SignatureBase64, SaltHex
|
|
4
|
+
import type { HashHex, SignatureBase64, SaltHex } from '../crypto/types.js';
|
|
5
5
|
export interface SubjectIdentifier {
|
|
6
6
|
bytes_hash: HashHex;
|
|
7
7
|
metadata_hash: HashHex;
|
|
@@ -115,27 +115,6 @@ export interface StructuralMetadata {
|
|
|
115
115
|
timestamp: string;
|
|
116
116
|
previous_leaf_hash: HashHex | null;
|
|
117
117
|
}
|
|
118
|
-
export interface CheckpointReference {
|
|
119
|
-
merkle_root: HashHex;
|
|
120
|
-
batch_start_sequence: number;
|
|
121
|
-
batch_end_sequence: number;
|
|
122
|
-
anchor_network: string;
|
|
123
|
-
transaction_id: string;
|
|
124
|
-
timestamp: string;
|
|
125
|
-
}
|
|
126
|
-
export interface AnchorBatchPayload {
|
|
127
|
-
checkpoint_reference: CheckpointReference;
|
|
128
|
-
leaf_count: number;
|
|
129
|
-
}
|
|
130
|
-
export interface EvidenceBundle {
|
|
131
|
-
artifact: PolicyArtifact;
|
|
132
|
-
receipts: SignedReceipt[];
|
|
133
|
-
merkle_proofs: MerkleInclusionProof[];
|
|
134
|
-
checkpoint_reference: CheckpointReference;
|
|
135
|
-
public_key: string;
|
|
136
|
-
bundle_signature: SignatureBase64;
|
|
137
|
-
verification_tier?: VerificationTier;
|
|
138
|
-
}
|
|
139
118
|
export interface DisclosureRequest {
|
|
140
119
|
requested_claim_id: string;
|
|
141
120
|
requester_id: string;
|
package/dist/core/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;EAEE;AACF,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;EAEE;AACF,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAI5E,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;IACrC,mBAAmB,CAAC,EAAE,qBAAqB,CAAC;CAC7C;AAED,uFAAuF;AACvF,MAAM,WAAW,qBAAqB;IACpC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,mBAAmB,EAAE,MAAM,EAAE,EAAE,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,GACd,kBAAkB,GAClB,YAAY,GACZ,aAAa,GACb,gBAAgB,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAQD,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,GACZ,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAM5D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAC3E,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAID,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,yBAAyB,EAAE,OAAO,CAAC;IACnC,cAAc,EAAE,cAAc,CAAC;IAC/B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,MAAM,gBAAgB,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC"}
|
package/dist/crypto/index.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC"}
|
package/dist/crypto/index.js
CHANGED
|
@@ -2,5 +2,5 @@ export * from './types.js';
|
|
|
2
2
|
export * from './hash.js';
|
|
3
3
|
export * from './sign.js';
|
|
4
4
|
export * from './salt.js';
|
|
5
|
-
|
|
5
|
+
// './merkle.js' removed (P4) — legacy hex-concat continuity Merkle. Canonical Merkle = src/sep/merkle.ts.
|
|
6
6
|
//# sourceMappingURL=index.js.map
|
package/dist/crypto/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,0GAA0G"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../../src/crypto/sign.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../../src/crypto/sign.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAWtE,wBAAgB,eAAe,IAAI,OAAO,CAKzC;AAED,wBAAgB,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,GAAG,SAAS,CAE/D;AACD,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,GAAG,SAAS,CAAsC;AAErG,wBAAgB,MAAM,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,GAAG,OAAO,CAE/E;AACD,wBAAgB,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,GAAG,OAAO,CAE9E;AAED,eAAO,MAAM,QAAQ,GAAI,GAAG,SAAS,KAAG,eAAoD,CAAC;AAC7F,eAAO,MAAM,QAAQ,GAAI,GAAG,eAAe,KAAG,SAAqD,CAAC;AACpG,eAAO,MAAM,OAAO,GAAI,IAAI,UAAU,KAAG,MAAyC,CAAC;AACnF,eAAO,MAAM,OAAO,GAAI,GAAG,MAAM,KAAG,UAAmD,CAAC;AAExF,iFAAiF;AACjF,wBAAgB,cAAc,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAE3D"}
|
package/dist/crypto/sign.js
CHANGED
|
@@ -1,28 +1,30 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
off += a.length;
|
|
13
|
-
}
|
|
14
|
-
return sha512(buf);
|
|
15
|
-
};
|
|
1
|
+
/**
|
|
2
|
+
* Ed25519 signing — node:crypto only (no third-party Ed25519 library), so the package ships ONE
|
|
3
|
+
* Ed25519 implementation (the canonical src/sep engine uses node:crypto too). Byte-for-byte
|
|
4
|
+
* compatible with the prior implementation: a 32-byte secretKey IS the RFC-8032 seed, and
|
|
5
|
+
* Ed25519 signatures are deterministic, so existing keys/signatures verify unchanged.
|
|
6
|
+
*
|
|
7
|
+
* (@noble/hashes is still used elsewhere for blake2b, which node:crypto does not expose.)
|
|
8
|
+
*/
|
|
9
|
+
import { createHash, createPrivateKey, createPublicKey, generateKeyPairSync, sign as nodeSign, verify as nodeVerify, } from 'node:crypto';
|
|
10
|
+
const SPKI = Buffer.from('302a300506032b6570032100', 'hex'); // Ed25519 SubjectPublicKeyInfo prefix
|
|
11
|
+
const PKCS8 = Buffer.from('302e020100300506032b657004220420', 'hex'); // Ed25519 PKCS8 seed prefix
|
|
16
12
|
const enc = new TextEncoder();
|
|
13
|
+
const privFromSeed = (sk) => createPrivateKey({ key: Buffer.concat([PKCS8, Buffer.from(sk)]), format: 'der', type: 'pkcs8' });
|
|
14
|
+
const pubFromRaw = (pk) => createPublicKey({ key: Buffer.concat([SPKI, Buffer.from(pk)]), format: 'der', type: 'spki' });
|
|
17
15
|
export function generateKeyPair() {
|
|
18
|
-
const
|
|
19
|
-
|
|
16
|
+
const { privateKey } = generateKeyPairSync('ed25519');
|
|
17
|
+
const secretKey = new Uint8Array(privateKey.export({ format: 'der', type: 'pkcs8' }).subarray(-32));
|
|
18
|
+
const publicKey = new Uint8Array(createPublicKey(privateKey).export({ format: 'der', type: 'spki' }).subarray(-32));
|
|
19
|
+
return { publicKey, secretKey };
|
|
20
|
+
}
|
|
21
|
+
export function sign(msg, sk) {
|
|
22
|
+
return new Uint8Array(nodeSign(null, Buffer.from(msg), privFromSeed(sk)));
|
|
20
23
|
}
|
|
21
|
-
export function sign(msg, sk) { return ed.sign(msg, sk); }
|
|
22
24
|
export function signStr(msg, sk) { return sign(enc.encode(msg), sk); }
|
|
23
25
|
export function verify(sig, msg, pk) {
|
|
24
26
|
try {
|
|
25
|
-
return
|
|
27
|
+
return nodeVerify(null, Buffer.from(msg), pubFromRaw(pk), Buffer.from(sig));
|
|
26
28
|
}
|
|
27
29
|
catch {
|
|
28
30
|
return false;
|
|
@@ -33,11 +35,10 @@ export function verifyStr(sig, msg, pk) {
|
|
|
33
35
|
}
|
|
34
36
|
export const sigToB64 = (s) => Buffer.from(s).toString('base64');
|
|
35
37
|
export const b64ToSig = (b) => new Uint8Array(Buffer.from(b, 'base64'));
|
|
36
|
-
export const pkToHex = (pk) =>
|
|
37
|
-
export const hexToPk = (h) =>
|
|
38
|
+
export const pkToHex = (pk) => Buffer.from(pk).toString('hex');
|
|
39
|
+
export const hexToPk = (h) => new Uint8Array(Buffer.from(h, 'hex'));
|
|
38
40
|
/** Key fingerprint: SHA-256 prefix of public key hex, 16-char hex identifier. */
|
|
39
41
|
export function keyFingerprint(publicKeyHex) {
|
|
40
|
-
|
|
41
|
-
return hash.slice(0, 16);
|
|
42
|
+
return createHash('sha256').update(Buffer.from(publicKeyHex, 'utf8')).digest('hex').slice(0, 16);
|
|
42
43
|
}
|
|
43
44
|
//# sourceMappingURL=sign.js.map
|
package/dist/crypto/sign.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../../src/crypto/sign.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../../src/crypto/sign.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EACL,UAAU,EAAE,gBAAgB,EAAE,eAAe,EAAE,mBAAmB,EAClE,IAAI,IAAI,QAAQ,EAAE,MAAM,IAAI,UAAU,GACvC,MAAM,aAAa,CAAC;AAGrB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC,CAAQ,sCAAsC;AAC1G,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC,CAAC,4BAA4B;AAClG,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,MAAM,YAAY,GAAG,CAAC,EAAc,EAAE,EAAE,CACtC,gBAAgB,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AACnG,MAAM,UAAU,GAAG,CAAC,EAAc,EAAE,EAAE,CACpC,eAAe,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;AAEhG,MAAM,UAAU,eAAe;IAC7B,MAAM,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACpG,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACpH,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,GAAe,EAAE,EAAc;IAClD,OAAO,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAC5E,CAAC;AACD,MAAM,UAAU,OAAO,CAAC,GAAW,EAAE,EAAc,IAAe,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;AAErG,MAAM,UAAU,MAAM,CAAC,GAAc,EAAE,GAAe,EAAE,EAAc;IACpE,IAAI,CAAC;QAAC,OAAO,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AAC9G,CAAC;AACD,MAAM,UAAU,SAAS,CAAC,GAAc,EAAE,GAAW,EAAE,EAAc;IACnE,OAAO,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,CAAY,EAAmB,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC7F,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,CAAkB,EAAa,EAAE,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;AACpG,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,EAAc,EAAU,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACnF,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,CAAS,EAAc,EAAE,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;AAExF,iFAAiF;AACjF,MAAM,UAAU,cAAc,CAAC,YAAoB;IACjD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACnG,CAAC"}
|
|
@@ -8,8 +8,12 @@
|
|
|
8
8
|
* Behavior:
|
|
9
9
|
* - TERMINATED state → reject all governed tools
|
|
10
10
|
* - PHANTOM_QUARANTINE → capture tool call as forensic input, reject
|
|
11
|
-
* - ACTIVE_MONITORING → allow,
|
|
12
|
-
* - Ungoverned tools (
|
|
11
|
+
* - ACTIVE_MONITORING → allow, record a signed PERMITTED SEP receipt, then run
|
|
12
|
+
* - Ungoverned tools (UNGOVERNED_TOOLS below: read/bootstrap/evidence/monitor) → run unwrapped
|
|
13
|
+
*
|
|
14
|
+
* Single source of truth for the governed/ungoverned partition is UNGOVERNED_TOOLS. A tool is
|
|
15
|
+
* GOVERNED (emits a signed PERMITTED/DENIED receipt) iff it is NOT in that set. Any new tool that
|
|
16
|
+
* performs a side-effecting agent action MUST be governed (i.e. absent from the set).
|
|
13
17
|
*/
|
|
14
18
|
import type { Portal } from '../core/portal.js';
|
|
15
19
|
import type { QuarantineState } from '../core/types.js';
|
|
@@ -21,7 +25,22 @@ export type ToolResult = {
|
|
|
21
25
|
}>;
|
|
22
26
|
};
|
|
23
27
|
export type ToolHandler<T = any> = (args: T) => Promise<ToolResult>;
|
|
28
|
+
/**
|
|
29
|
+
* The authoritative ungoverned set (read/bootstrap/evidence/monitor). A tool is GOVERNED iff it
|
|
30
|
+
* is NOT here. Exported so a test can assert the partition and catch drift. Adding a side-effecting
|
|
31
|
+
* agent action? Do NOT list it here.
|
|
32
|
+
*/
|
|
33
|
+
export declare const UNGOVERNED_TOOLS: Set<string>;
|
|
34
|
+
/** A governance decision surfaced to the SEP ledger (one signed receipt per governed call).
|
|
35
|
+
* `argsHash` is the PRECOMPUTED safe arguments_hash — the recorder must use it directly and
|
|
36
|
+
* never re-canonicalize the raw args (which could be a depth-bomb). */
|
|
37
|
+
export type GovernanceDecision = {
|
|
38
|
+
tool: string;
|
|
39
|
+
decision: 'PERMITTED' | 'DENIED';
|
|
40
|
+
reason: string;
|
|
41
|
+
argsHash: string;
|
|
42
|
+
};
|
|
24
43
|
export declare function createGovernanceWrapper(portal: Portal, quarantine: {
|
|
25
44
|
current: QuarantineState | null;
|
|
26
|
-
}, toolName: string, behavioralMonitor?: BehavioralMonitor): <T>(handler: ToolHandler<T>) => ToolHandler<T>;
|
|
45
|
+
}, toolName: string, behavioralMonitor?: BehavioralMonitor, record?: (d: GovernanceDecision) => void): <T>(handler: ToolHandler<T>) => ToolHandler<T>;
|
|
27
46
|
//# sourceMappingURL=governance.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG/D,MAAM,MAAM,UAAU,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE,CAAC;AAC5E,MAAM,MAAM,WAAW,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;AAEpE;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,aAgB3B,CAAC;AAEH;;wEAEwE;AACxE,MAAM,MAAM,kBAAkB,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,WAAW,GAAG,QAAQ,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE;IAAE,OAAO,EAAE,eAAe,GAAG,IAAI,CAAA;CAAE,EAC/C,QAAQ,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,iBAAiB,EACrC,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,kBAAkB,KAAK,IAAI,IAIZ,CAAC,EAAE,SAAS,WAAW,CAAC,CAAC,CAAC,KAAG,WAAW,CAAC,CAAC,CAAC,CAiDxE"}
|
|
@@ -1,17 +1,28 @@
|
|
|
1
1
|
import { captureInput } from '../core/quarantine.js';
|
|
2
|
-
import {
|
|
3
|
-
|
|
4
|
-
|
|
2
|
+
import { safeArgumentsHash } from '../sep/index.js';
|
|
3
|
+
/**
|
|
4
|
+
* The authoritative ungoverned set (read/bootstrap/evidence/monitor). A tool is GOVERNED iff it
|
|
5
|
+
* is NOT here. Exported so a test can assert the partition and catch drift. Adding a side-effecting
|
|
6
|
+
* agent action? Do NOT list it here.
|
|
7
|
+
*/
|
|
8
|
+
export const UNGOVERNED_TOOLS = new Set([
|
|
5
9
|
'get_server_info',
|
|
6
10
|
'get_portal_state',
|
|
7
11
|
'get_receipts',
|
|
8
12
|
'get_chain_events',
|
|
9
13
|
'list_claims',
|
|
10
14
|
'init_chain', // must work before attestation
|
|
11
|
-
'attest_subject', // creates the governance relationship
|
|
15
|
+
'attest_subject', // creates the governance relationship (re-attest does NOT reset the SEP ledger)
|
|
12
16
|
'verify_chain', // read-only verification
|
|
17
|
+
// Evidence operations: must work even after TERMINATION (you need to export/verify
|
|
18
|
+
// the evidence ESPECIALLY after governance is revoked). Not agent actions → not SEP-recorded.
|
|
19
|
+
'generate_evidence_bundle',
|
|
20
|
+
'verify_bundle_offline',
|
|
21
|
+
// Detective behavioral monitor: it self-records a signed SEP receipt for any drift finding
|
|
22
|
+
// (and for opt-in enforcement) inside its own handler, so it is not double-recorded here.
|
|
23
|
+
'measure_behavior',
|
|
13
24
|
]);
|
|
14
|
-
export function createGovernanceWrapper(portal, quarantine, toolName, behavioralMonitor) {
|
|
25
|
+
export function createGovernanceWrapper(portal, quarantine, toolName, behavioralMonitor, record) {
|
|
15
26
|
const isGoverned = !UNGOVERNED_TOOLS.has(toolName);
|
|
16
27
|
return function wrapHandler(handler) {
|
|
17
28
|
if (!isGoverned)
|
|
@@ -20,14 +31,18 @@ export function createGovernanceWrapper(portal, quarantine, toolName, behavioral
|
|
|
20
31
|
const j = (x) => ({
|
|
21
32
|
content: [{ type: 'text', text: JSON.stringify(x, null, 2) }]
|
|
22
33
|
});
|
|
34
|
+
// Hash the arguments ONCE, safely (never throws). `ok=false` means they could not be
|
|
35
|
+
// canonicalized (e.g. a depth-bomb) — we fail closed below. Computing it up front means
|
|
36
|
+
// every recorded decision (allow OR deny) carries a valid hash and can never be silently
|
|
37
|
+
// dropped by a canonicalize throw (anti-DoS / anti-silent-erasure).
|
|
38
|
+
const { hash: argsHash, ok: argsOk } = safeArgumentsHash(args);
|
|
39
|
+
const deny = (reason, extra = {}) => {
|
|
40
|
+
record?.({ tool: toolName, decision: 'DENIED', reason, argsHash });
|
|
41
|
+
return j({ success: false, error: reason, portal_state: portal.state, tool: toolName, ...extra });
|
|
42
|
+
};
|
|
23
43
|
// TERMINATED → reject everything
|
|
24
44
|
if (portal.state === 'TERMINATED') {
|
|
25
|
-
return
|
|
26
|
-
success: false,
|
|
27
|
-
error: 'GOVERNANCE_BLOCKED: Portal is terminated. Agent governance has been revoked. Re-attestation required.',
|
|
28
|
-
portal_state: portal.state,
|
|
29
|
-
tool: toolName,
|
|
30
|
-
});
|
|
45
|
+
return deny('GOVERNANCE_BLOCKED: Portal is terminated. Agent governance has been revoked. Re-attestation required.');
|
|
31
46
|
}
|
|
32
47
|
// PHANTOM_QUARANTINE → capture as forensic input, reject
|
|
33
48
|
if (portal.state === 'PHANTOM_QUARANTINE' && quarantine.current?.active) {
|
|
@@ -36,28 +51,21 @@ export function createGovernanceWrapper(portal, quarantine, toolName, behavioral
|
|
|
36
51
|
args,
|
|
37
52
|
timestamp: new Date().toISOString(),
|
|
38
53
|
});
|
|
39
|
-
return
|
|
40
|
-
success: false,
|
|
41
|
-
error: 'GOVERNANCE_QUARANTINED: Agent is in phantom quarantine. All outputs are severed. Inputs are being captured for forensic analysis.',
|
|
42
|
-
portal_state: portal.state,
|
|
43
|
-
tool: toolName,
|
|
44
|
-
forensic_capture: true,
|
|
45
|
-
});
|
|
54
|
+
return deny('GOVERNANCE_QUARANTINED: Agent is in phantom quarantine. All outputs are severed. Inputs are being captured for forensic analysis.', { forensic_capture: true });
|
|
46
55
|
}
|
|
47
56
|
// INITIALIZATION or ARTIFACT_VERIFICATION → not yet governed
|
|
48
57
|
if (portal.state === 'INITIALIZATION' || portal.state === 'ARTIFACT_VERIFICATION') {
|
|
49
|
-
return
|
|
50
|
-
success: false,
|
|
51
|
-
error: 'GOVERNANCE_NOT_READY: No active policy artifact. Call attest_subject first.',
|
|
52
|
-
portal_state: portal.state,
|
|
53
|
-
tool: toolName,
|
|
54
|
-
});
|
|
58
|
+
return deny('GOVERNANCE_NOT_READY: No active policy artifact. Call attest_subject first.');
|
|
55
59
|
}
|
|
56
|
-
//
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
+
// Fail closed: arguments that cannot be canonicalized (depth-bomb / hostile payload) are
|
|
61
|
+
// DENIED and recorded — the governed call is never silently executed or dropped.
|
|
62
|
+
if (!argsOk) {
|
|
63
|
+
return deny('GOVERNANCE_FAILCLOSED: tool arguments could not be canonicalized (too deeply nested or invalid); refusing the call.');
|
|
60
64
|
}
|
|
65
|
+
// ACTIVE_MONITORING or DRIFT_DETECTED → record PERMITTED + allow through
|
|
66
|
+
if (behavioralMonitor)
|
|
67
|
+
behavioralMonitor.recordInvocation(toolName, argsHash);
|
|
68
|
+
record?.({ tool: toolName, decision: 'PERMITTED', reason: `policy allows (portal ${portal.state})`, argsHash });
|
|
61
69
|
return handler(args);
|
|
62
70
|
};
|
|
63
71
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAKpD;;;;GAIG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IACtC,iBAAiB;IACjB,kBAAkB;IAClB,cAAc;IACd,kBAAkB;IAClB,aAAa;IACb,YAAY,EAAS,+BAA+B;IACpD,gBAAgB,EAAK,gFAAgF;IACrG,cAAc,EAAO,yBAAyB;IAC9C,mFAAmF;IACnF,8FAA8F;IAC9F,0BAA0B;IAC1B,uBAAuB;IACvB,2FAA2F;IAC3F,0FAA0F;IAC1F,kBAAkB;CACnB,CAAC,CAAC;AAOH,MAAM,UAAU,uBAAuB,CACrC,MAAc,EACd,UAA+C,EAC/C,QAAgB,EAChB,iBAAqC,EACrC,MAAwC;IAExC,MAAM,UAAU,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAEnD,OAAO,SAAS,WAAW,CAAI,OAAuB;QACpD,IAAI,CAAC,UAAU;YAAE,OAAO,OAAO,CAAC;QAEhC,OAAO,KAAK,EAAE,IAAO,EAAuB,EAAE;YAC5C,MAAM,CAAC,GAAG,CAAC,CAAU,EAAc,EAAE,CAAC,CAAC;gBACrC,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aAC9D,CAAC,CAAC;YACH,qFAAqF;YACrF,wFAAwF;YACxF,yFAAyF;YACzF,oEAAoE;YACpE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC/D,MAAM,IAAI,GAAG,CAAC,MAAc,EAAE,QAAiC,EAAE,EAAc,EAAE;gBAC/E,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACnE,OAAO,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;YACpG,CAAC,CAAC;YAEF,iCAAiC;YACjC,IAAI,MAAM,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;gBAClC,OAAO,IAAI,CAAC,uGAAuG,CAAC,CAAC;YACvH,CAAC;YAED,yDAAyD;YACzD,IAAI,MAAM,CAAC,KAAK,KAAK,oBAAoB,IAAI,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;gBACxE,YAAY,CAAC,UAAU,CAAC,OAAO,EAAE,aAAa,QAAQ,EAAE,EAAE;oBACxD,IAAI,EAAE,QAAQ;oBACd,IAAI;oBACJ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,mIAAmI,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/K,CAAC;YAED,6DAA6D;YAC7D,IAAI,MAAM,CAAC,KAAK,KAAK,gBAAgB,IAAI,MAAM,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;gBAClF,OAAO,IAAI,CAAC,6EAA6E,CAAC,CAAC;YAC7F,CAAC;YAED,yFAAyF;YACzF,iFAAiF;YACjF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,IAAI,CAAC,qHAAqH,CAAC,CAAC;YACrI,CAAC;YAED,yEAAyE;YACzE,IAAI,iBAAiB;gBAAE,iBAAiB,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC9E,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,yBAAyB,MAAM,CAAC,KAAK,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;YAChH,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/proxy/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;GAcG;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/proxy/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;GAcG;AA8OH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5E,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC"}
|
package/dist/proxy/index.js
CHANGED
|
@@ -20,6 +20,8 @@ import * as path from 'node:path';
|
|
|
20
20
|
import * as os from 'node:os';
|
|
21
21
|
import { GovernanceProxy } from './server.js';
|
|
22
22
|
import { PROFILES } from './profiles.js';
|
|
23
|
+
// Single-source the version from package.json (resolves from src/ via tsx and dist/proxy/ when published).
|
|
24
|
+
const PKG = JSON.parse(fs.readFileSync(new URL('../../package.json', import.meta.url), 'utf8'));
|
|
23
25
|
const program = new Command();
|
|
24
26
|
let proxy = null;
|
|
25
27
|
function getDataDir() {
|
|
@@ -31,7 +33,7 @@ function getPidFile() {
|
|
|
31
33
|
program
|
|
32
34
|
.name('aga-proxy')
|
|
33
35
|
.description('AGA Governance Proxy - cryptographic runtime governance for MCP tool calls')
|
|
34
|
-
.version(
|
|
36
|
+
.version(PKG.version);
|
|
35
37
|
// ── start ────────────────────────────────────────────────────
|
|
36
38
|
program
|
|
37
39
|
.command('start')
|
|
@@ -166,20 +168,29 @@ program
|
|
|
166
168
|
// ── verify ───────────────────────────────────────────────────
|
|
167
169
|
program
|
|
168
170
|
.command('verify <bundle>')
|
|
169
|
-
.description('Verify
|
|
170
|
-
.
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
171
|
+
.description('Verify a canonical SEP evidence bundle offline (Ed25519-SHA256-JCS). Pass --pin <hex> to also prove provenance against a known gateway key.')
|
|
172
|
+
.option('--pin <hex>', 'pinned gateway public key (64 hex) — proves WHO issued the bundle')
|
|
173
|
+
.action(async (bundlePath, opts) => {
|
|
174
|
+
// ONE canonical, sound verifier for the whole package (src/sep §6): recomputes every
|
|
175
|
+
// leaf, rebuilds the Merkle root as a 0..N-1 bijection, validates the signed checkpoint,
|
|
176
|
+
// and checks provenance only against the pinned key. (The previous proxy-local verifier,
|
|
177
|
+
// which trusted each receipt's own embedded key and skipped the checkpoint, was removed.)
|
|
178
|
+
const { verifySepBundle } = await import('../sep/index.js');
|
|
179
|
+
let bundle;
|
|
180
|
+
try {
|
|
181
|
+
bundle = JSON.parse(fs.readFileSync(bundlePath, 'utf-8'));
|
|
182
|
+
}
|
|
183
|
+
catch (e) {
|
|
184
|
+
console.error(`Could not read or parse bundle: ${e}`);
|
|
185
|
+
process.exit(1);
|
|
186
|
+
}
|
|
187
|
+
const result = verifySepBundle(bundle, opts.pin);
|
|
188
|
+
for (const s of result.steps)
|
|
189
|
+
console.log(`${s.ok ? 'PASS' : 'FAIL'} ${s.name}`);
|
|
190
|
+
console.log(`\n${result.summary}`);
|
|
191
|
+
if (!opts.pin)
|
|
192
|
+
console.log('(no --pin given: integrity only, NOT provenance — pass --pin <gateway_public_key> to prove who issued it)');
|
|
193
|
+
process.exit(result.verdict === 'VERIFIED' ? 0 : 1);
|
|
183
194
|
});
|
|
184
195
|
// ── policy ───────────────────────────────────────────────────
|
|
185
196
|
const policyCmd = program.command('policy').description('Policy management');
|
package/dist/proxy/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/proxy/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAC9B,IAAI,KAAK,GAA2B,IAAI,CAAC;AAEzC,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,WAAW,CAAC,CAAC;AAC9C,CAAC;AAED,OAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC,4EAA4E,CAAC;KACzF,OAAO,CAAC,OAAO,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/proxy/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC,2GAA2G;AAC3G,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAwB,CAAC;AAEvH,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAC9B,IAAI,KAAK,GAA2B,IAAI,CAAC;AAEzC,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,WAAW,CAAC,CAAC;AAC9C,CAAC;AAED,OAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC,4EAA4E,CAAC;KACzF,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAExB,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,4BAA4B,CAAC;KACzC,MAAM,CAAC,mBAAmB,EAAE,YAAY,EAAE,OAAO,CAAC;KAClD,MAAM,CAAC,sBAAsB,EAAE,uCAAuC,CAAC;KACvE,MAAM,CAAC,sBAAsB,EAAE,kCAAkC,CAAC;KAClE,MAAM,CAAC,kBAAkB,EAAE,mDAAmD,EAAE,YAAY,CAAC;KAC7F,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;KACpD,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACrC,IAAI,MAAkB,CAAC;IAEvB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7D,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC;IACzD,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEjF,KAAK,GAAG,IAAI,eAAe,CAAC;QAC1B,IAAI;QACJ,MAAM;QACN,QAAQ;QACR,WAAW,EAAE,IAAI,CAAC,WAAW;KAC9B,CAAC,CAAC;IAEH,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAoB,EAAE,EAAE;QACpD,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3C,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrE,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;QAC/B,OAAO,CAAC,KAAK,CAAC,gBAAgB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,yBAAyB;IACzB,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAExE,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;IAEpB,iBAAiB;IACjB,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IAEpD,oBAAoB;IACpB,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;YACnB,IAAI,CAAC;gBAAC,EAAE,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,yDAAyD,CAAC;KACtE,MAAM,CAAC,mBAAmB,EAAE,YAAY,EAAE,OAAO,CAAC;KAClD,MAAM,CAAC,sBAAsB,EAAE,uCAAuC,CAAC;KACvE,MAAM,CAAC,sBAAsB,EAAE,kCAAkC,CAAC;KAClE,MAAM,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,YAAY,CAAC;KAC1D,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;KACpD,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,oDAAoD;IACpD,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,OAAO,CAAE,CAAC,UAAU,CAChE,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CACzD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,wBAAwB,CAAC;KACrC,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtC,OAAO;IACT,CAAC;IACD,MAAM,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IACnE,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,8BAA8B,GAAG,GAAG,CAAC,CAAC;QAClD,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,mBAAmB,CAAC;KAChC,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAC7B,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YACnE,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB;gBACvC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC/D,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,wBAAwB,CAAC;KACrC,MAAM,CAAC,qBAAqB,EAAE,aAAa,EAAE,sBAAsB,CAAC;KACpE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,EAAE,CAAC;IAC1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,+BAA+B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,OAAO;KACJ,OAAO,CAAC,iBAAiB,CAAC;KAC1B,WAAW,CAAC,6IAA6I,CAAC;KAC1J,MAAM,CAAC,aAAa,EAAE,mEAAmE,CAAC;KAC1F,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE;IACjC,qFAAqF;IACrF,yFAAyF;IACzF,yFAAyF;IACzF,0FAA0F;IAC1F,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAC5D,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,EAAE,CAAC,CAAC;QACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IACjD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IACnC,IAAI,CAAC,IAAI,CAAC,GAAG;QAAE,OAAO,CAAC,GAAG,CAAC,2GAA2G,CAAC,CAAC;IACxI,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAC;AAE7E,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,qBAAqB,CAAC;KAClC,MAAM,CAAC,GAAG,EAAE;IACX,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC1D,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,kBAAkB,CAAC;KAC3B,WAAW,CAAC,uBAAuB,CAAC;KACpC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,gBAAgB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,UAAU,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC;AAEL,gEAAgE;AAEhE,SAAS,oBAAoB,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/B,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,gEAAgE;AAEhE,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5E,iCAAiC;AACjC,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;AACjG,IAAI,WAAW,EAAE,CAAC;IAChB,OAAO,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACjC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}
|
package/dist/proxy/server.d.ts
CHANGED
|
@@ -16,62 +16,36 @@
|
|
|
16
16
|
import { EventEmitter } from 'node:events';
|
|
17
17
|
import { type StdioBridgeOptions } from './stdio-bridge.js';
|
|
18
18
|
import type { ToolPolicy } from './types.js';
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
method: string;
|
|
26
|
-
tool_name: string;
|
|
27
|
-
decision: 'PERMITTED' | 'DENIED';
|
|
28
|
-
reason: string;
|
|
29
|
-
policy_reference: string;
|
|
30
|
-
arguments_hash: string;
|
|
31
|
-
previous_receipt_hash: string;
|
|
32
|
-
gateway_id: string;
|
|
33
|
-
signature: string;
|
|
34
|
-
public_key: string;
|
|
35
|
-
}
|
|
36
|
-
export interface EvidenceBundle {
|
|
37
|
-
schema_version: string;
|
|
38
|
-
bundle_id: string;
|
|
39
|
-
algorithm: string;
|
|
40
|
-
generated_at: string;
|
|
41
|
-
gateway_id: string;
|
|
42
|
-
public_key: string;
|
|
43
|
-
policy_reference: string;
|
|
44
|
-
receipts: GovernanceReceipt[];
|
|
45
|
-
merkle_root: string;
|
|
46
|
-
merkle_proofs: MerkleProof[];
|
|
47
|
-
offline_capable: boolean;
|
|
48
|
-
}
|
|
49
|
-
export interface MerkleProof {
|
|
50
|
-
leaf_hash: string;
|
|
51
|
-
leaf_index: number;
|
|
52
|
-
siblings: string[];
|
|
53
|
-
directions: ('left' | 'right')[];
|
|
54
|
-
merkle_root: string;
|
|
55
|
-
}
|
|
19
|
+
import { type SepReceipt, type SepBundle, type MerkleProof } from '../sep/index.js';
|
|
20
|
+
export type GovernanceReceipt = SepReceipt;
|
|
21
|
+
export type EvidenceBundle = SepBundle;
|
|
22
|
+
export type { MerkleProof };
|
|
23
|
+
/** Benign MCP protocol methods forwarded WITHOUT a passthrough receipt (no side effects). */
|
|
24
|
+
export declare const DEFAULT_PASSTHROUGH_EXCLUDE: string[];
|
|
56
25
|
export interface ProxyServerOptions {
|
|
57
26
|
port?: number;
|
|
58
27
|
policy?: ToolPolicy;
|
|
59
28
|
upstream?: StdioBridgeOptions;
|
|
60
29
|
upstreamUrl?: string;
|
|
61
30
|
gatewayId?: string;
|
|
31
|
+
/** Override the benign-method exclusion list (excluded methods are forwarded with NO passthrough receipt). */
|
|
32
|
+
passthroughExclude?: string[];
|
|
33
|
+
/** Optional denylist: non-tools/call methods to reject (records a DENIED passthrough receipt; does not forward). */
|
|
34
|
+
denyMethods?: string[];
|
|
62
35
|
}
|
|
63
36
|
export declare class GovernanceProxy extends EventEmitter {
|
|
64
37
|
private server;
|
|
65
38
|
private bridge;
|
|
66
|
-
private
|
|
39
|
+
private signer;
|
|
40
|
+
private sep;
|
|
67
41
|
private policy;
|
|
68
42
|
private port;
|
|
69
43
|
private started;
|
|
70
44
|
private upstreamOptions;
|
|
71
45
|
private upstreamUrl;
|
|
72
46
|
private gatewayId;
|
|
73
|
-
private
|
|
74
|
-
private
|
|
47
|
+
private passthroughExclude;
|
|
48
|
+
private denyMethods;
|
|
75
49
|
private policyHash;
|
|
76
50
|
private stats;
|
|
77
51
|
constructor(options?: ProxyServerOptions);
|
|
@@ -80,14 +54,13 @@ export declare class GovernanceProxy extends EventEmitter {
|
|
|
80
54
|
private handleConnection;
|
|
81
55
|
private handleMessage;
|
|
82
56
|
private interceptToolCall;
|
|
57
|
+
/** Record a governed decision as a canonical SEP receipt via the shared engine. */
|
|
83
58
|
private generateReceipt;
|
|
84
|
-
private merkleNodeHash;
|
|
85
|
-
private computeMerkleRoot;
|
|
86
|
-
private computeMerkleProof;
|
|
87
59
|
private forwardHttp;
|
|
88
60
|
private respond;
|
|
89
61
|
switchPolicy(newPolicy: ToolPolicy): Promise<void>;
|
|
90
|
-
|
|
62
|
+
/** Export the canonical SEP evidence bundle (receipts + Merkle proofs + signed checkpoint). */
|
|
63
|
+
exportBundle(): SepBundle;
|
|
91
64
|
getStatus(): {
|
|
92
65
|
public_key: string;
|
|
93
66
|
permitted: number;
|
|
@@ -100,6 +73,6 @@ export declare class GovernanceProxy extends EventEmitter {
|
|
|
100
73
|
receipt_count: number;
|
|
101
74
|
};
|
|
102
75
|
getPublicKey(): string;
|
|
103
|
-
getReceipts():
|
|
76
|
+
getReceipts(): SepReceipt[];
|
|
104
77
|
}
|
|
105
78
|
//# sourceMappingURL=server.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/proxy/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/proxy/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAe,KAAK,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEzE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAI7C,OAAO,EAEW,KAAK,UAAU,EAAE,KAAK,SAAS,EAAE,KAAK,WAAW,EAClE,MAAM,iBAAiB,CAAC;AAGzB,MAAM,MAAM,iBAAiB,GAAG,UAAU,CAAC;AAC3C,MAAM,MAAM,cAAc,GAAG,SAAS,CAAC;AACvC,YAAY,EAAE,WAAW,EAAE,CAAC;AAI5B,6FAA6F;AAC7F,eAAO,MAAM,2BAA2B,UAIvC,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8GAA8G;IAC9G,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,oHAAoH;IACpH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,qBAAa,eAAgB,SAAQ,YAAY;IAC/C,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,MAAM,CAA4B;IAG1C,OAAO,CAAC,MAAM,CAAY;IAE1B,OAAO,CAAC,GAAG,CAAa;IAGxB,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,eAAe,CAA4B;IACnD,OAAO,CAAC,WAAW,CAAgB;IACnC,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,kBAAkB,CAAc;IACxC,OAAO,CAAC,WAAW,CAAc;IAEjC,OAAO,CAAC,UAAU,CAAc;IAGhC,OAAO,CAAC,KAAK,CAAyD;gBAE1D,OAAO,GAAE,kBAAuB;IAetC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAiCtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB3B,OAAO,CAAC,gBAAgB;YAoBV,aAAa;YA+Db,iBAAiB;IAkG/B,mFAAmF;IACnF,OAAO,CAAC,eAAe;YA2BT,WAAW;IAoBzB,OAAO,CAAC,OAAO;IAQT,YAAY,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAQxD,+FAA+F;IAC/F,YAAY,IAAI,SAAS;IAIzB,SAAS;;;;;;;;;;;IAWT,YAAY,IAAI,MAAM;IACtB,WAAW,IAAI,UAAU,EAAE;CAC5B"}
|